NAME
unshare - disassociate parts of the process execution context
SYNOPSIS
#define _GNU_SOURCE
#include <sched.h>
int unshare(int flags);
DESCRIPTION
unshare() allows a process to disassociate parts of its execution context that are currently being shared with other processes. Part of the execution context, such as the mount namespace, is shared implicitly when a new process is created using fork(2) or vfork(2), while other parts, such as virtual memory, may be shared by explicit request when creating a process using clone(2).
The main use of unshare() is to allow a process to control its shared execution context without creating a new process.
The flags argument is a bit mask that specifies which parts of the execution context should be unshared. This argument is specified by ORing together zero or more of the following constants:
CLONE_FILES | |
Reverse the effect of the clone(2) CLONE_FILES flag. Unshare the file descriptor table, so that the calling process no longer shares its file descriptors with any other process. | |
CLONE_FS | |
Reverse the effect of the clone(2) CLONE_FS flag. Unshare file system attributes, so that the calling process no longer shares its root directory, current directory, or umask attributes with any other process. chroot(2), chdir(2), or umask(2) | |
CLONE_NEWNS | |
This flag has the same effect as the clone(2) CLONE_NEWNS flag. Unshare the mount namespace, so that the calling process has a private copy of its namespace which is not shared with any other process. Specifying this flag automatically implies CLONE_FS as well. | |
RETURN VALUE
On success, zero returned. On failure, -1 is returned and errno is set to indicate the error.
ERRORS
EINVAL | An invalid bit was specified in flags. |
ENOMEM | Cannot allocate sufficient memory to copy parts of callers context that need to be unshared. |
EPERM | flags specified CLONE_NEWNS but the calling process was not privileged (did not have the CAP_SYS_ADMIN capability). |
VERSIONS
The unshare() system call was added to Linux in kernel 2.6.16.
CONFORMING TO
The unshare() system call is Linux-specific.
NOTES
Not all of the process attributes that can be shared when a new process is created using clone(2) can be unshared using unshare(). In particular, as at kernel 2.6.16, unshare() does not implement flags that reverse the effects of CLONE_SIGHAND, CLONE_SYSVSEM, CLONE_THREAD, or CLONE_VM. Such functionality may be added in the future, if required.
SEE ALSO
clone(2), fork(2), vfork(2), Documentation/unshare.txt
COLOPHON
This page is part of release 3.23 of the Linux man-pages project. A description of the project, and information about reporting bugs, can be found at http://www.kernel.org/doc/man-pages/.