unshare(2)

NAME

unshare - disassociate parts of the process execution context

SYNOPSIS

#define _GNU_SOURCE
#include <sched.h>
int unshare(int flags);

DESCRIPTION

unshare() allows a process to disassociate parts of its execution context that are currently being shared with other processes. Part of the execution context, such as the mount namespace, is shared implicitly when a new process is created using fork(2) or vfork(2), while other parts, such as virtual memory, may be shared by explicit request when creating a process using clone(2).

The main use of unshare() is to allow a process to control its shared execution context without creating a new process.

The flags argument is a bit mask that specifies which parts of the execution context should be unshared. This argument is specified by ORing together zero or more of the following constants:

CLONE_FILES
Reverse the effect of the clone(2) CLONE_FILES flag. Unshare the file descriptor table, so that the calling process no longer shares its file descriptors with any other process.
CLONE_FS
Reverse the effect of the clone(2) CLONE_FS flag. Unshare file system attributes, so that the calling process no longer shares its root directory, current directory, or umask attributes with any other process. chroot(2), chdir(2), or umask(2)
CLONE_NEWNS
This flag has the same effect as the clone(2) CLONE_NEWNS flag. Unshare the mount namespace, so that the calling process has a private copy of its namespace which is not shared with any other process. Specifying this flag automatically implies CLONE_FS as well.
If flags is specified as zero, then unshare() is a no-op; no changes are made to the calling process's execution context.

RETURN VALUE

On success, zero returned. On failure, -1 is returned and errno is set to indicate the error.

ERRORS

EINVAL An invalid bit was specified in flags.

ENOMEM Cannot allocate sufficient memory to copy parts of caller's con
text that need to be unshared.
EPERM flags specified CLONE_NEWNS but the calling process was not
privileged (did not have the CAP_SYS_ADMIN capability).

VERSIONS

The unshare() system call was added to Linux in kernel 2.6.16.

CONFORMING TO

The unshare() system call is Linux-specific.

NOTES

Not all of the process attributes that can be shared when a new process is created using clone(2) can be unshared using unshare(). In particular, as at kernel 2.6.16, unshare() does not implement flags that reverse the effects of CLONE_SIGHAND, CLONE_SYSVSEM, CLONE_THREAD, or CLONE_VM. Such functionality may be added in the future, if required.

SEE ALSO

clone(2), fork(2), vfork(2), Documentation/unshare.txt

COLOPHON

This page is part of release 3.25 of the Linux man-pages project. A description of the project, and information about reporting bugs, can be found at http://www.kernel.org/doc/man-pages/.
Copyright © 2010-2024 Platon Technologies, s.r.o.           Home | Man pages | tLDP | Documents | Utilities | About
Design by styleshout