NAME
unshare - disassociate parts of the process execution context
SYNOPSIS
#define _GNU_SOURCE
#include <sched.h>
int unshare(int flags);
DESCRIPTION
unshare() allows a process to disassociate parts of its execution
context that are currently being shared with other processes. Part of
the execution context, such as the mount namespace, is shared
implicitly when a new process is created using fork(2) or vfork(2),
while other parts, such as virtual memory, may be shared by explicit
request when creating a process using clone(2).
The main use of unshare() is to allow a process to control its shared
execution context without creating a new process.
The flags argument is a bit mask that specifies which parts of the
execution context should be unshared. This argument is specified by
ORing together zero or more of the following constants:
CLONE_FILES
Reverse the effect of the clone(2) CLONE_FILES flag. Unshare
the file descriptor table, so that the calling process no longer
shares its file descriptors with any other process.
CLONE_FS
Reverse the effect of the clone(2) CLONE_FS flag. Unshare file
system attributes, so that the calling process no longer shares
its root directory, current directory, or umask attributes with
any other process. chroot(2), chdir(2), or umask(2)
CLONE_NEWNS
This flag has the same effect as the clone(2) CLONE_NEWNS flag.
Unshare the mount namespace, so that the calling process has a
private copy of its namespace which is not shared with any other
process. Specifying this flag automatically implies CLONE_FS as
well.
If flags is specified as zero, then unshare() is a no-op; no changes
are made to the calling process’s execution context.
RETURN VALUE
On success, zero returned. On failure, -1 is returned and errno is set
to indicate the error.
ERRORS
EINVAL An invalid bit was specified in flags.
ENOMEM Cannot allocate sufficient memory to copy parts of caller’s
context that need to be unshared.
EPERM flags specified CLONE_NEWNS but the calling process was not
privileged (did not have the CAP_SYS_ADMIN capability).
VERSIONS
The unshare() system call was added to Linux in kernel 2.6.16.
CONFORMING TO
The unshare() system call is Linux-specific.
NOTES
Not all of the process attributes that can be shared when a new process
is created using clone(2) can be unshared using unshare(). In
particular, as at kernel 2.6.16, unshare() does not implement flags
that reverse the effects of CLONE_SIGHAND, CLONE_SYSVSEM, CLONE_THREAD,
or CLONE_VM. Such functionality may be added in the future, if
required.
SEE ALSO
clone(2), fork(2), vfork(2), Documentation/unshare.txt
COLOPHON
This page is part of release 3.24 of the Linux man-pages project. A
description of the project, and information about reporting bugs, can
be found at http://www.kernel.org/doc/man-pages/.