Documentation/userspace-api/unshare.rst

10 ----------
14 --------
26 -----------
37 outside the confinement of all-or-nothing shared resources of legacy
38 threads. On Linux, at the time of thread creation using the clone system
44 shared at the time of their creation. unshare() was conceptualized by
45 Al Viro in the August of 2000, on the Linux-Kernel mailing list, as part
49 addition to the set of available primitives on Linux that implement
53 -----------
59 even non-threaded applications if they have a need to disassociate
60 from default shared namespace. The following lists two use-cases
63 2.1 Per-security context namespaces
67 the kernel's per-process namespace mechanism. Polyinstantiated directories,
68 such as per-user and/or per-security context instance of /tmp, /var/tmp or
69 per-security context instance of a user's home directory, isolate user
74 of shared-tree feature in the Linux kernel, even regular Linux systems
85 decide what needs to be shared at the time of creating the process
93 -------
106 ---------------
119 If and when new context flags are added, unshare() design should allow
123 ---------------------------
126 	unshare - disassociate parts of the process execution context
142 	The main use of unshare() is to allow a process to control its
145 	The flags argument specifies one or bitwise-or'ed of several of
149 		If CLONE_FS is set, file system information of the caller
153 		If CLONE_FILES is set, the file descriptor table of the
158 		If CLONE_NEWNS is set, the namespace of the caller is
162 		If CLONE_VM is set, the virtual memory of the caller is
166 	On success, zero returned. On failure, -1 is returned and errno is
169 	EPERM	CLONE_NEWNS was specified by a non-root process (process
178 	The unshare() call is Linux-specific and  should  not be used
185 --------------------
194   1) clone operates on a newly allocated not-yet-active task
222      structure, if the appropriate bit is set in the flags argument.
232 -------------------
263 	 Force implied flags. If CLONE_THREAD is set force CLONE_VM.
264 	 If CLONE_VM is set, force CLONE_SIGHAND. If CLONE_SIGHAND is
265 	 set and signals are also being shared, force CLONE_THREAD. If
266 	 CLONE_NEWNS is set, force CLONE_FS.
284 and CLONE_THREAD, return -EINVAL since they are not implemented yet.
297 ---------------------
303      yet, return -EINVAL.
323 --------------
325 The current implementation of unshare() does not allow unsharing of
329 need to allow unsharing of signals and/or signal handlers, it can