Name

unshare — un-share various namespaces making them private to the process

Synopsis

unshare [--mount] [--network] [--uts] [--ipc] [--process] [--user] {next-prog}

BSD Note

This command currently has no effect on BSD. Be careful, therefore, of the effect that this will have on make-private-fs(1) and make-read-only-fs(1).

Description

unshare is a chain-loading utility that calls unshare(2) to "unshare" various "namespaces" from its parent process and then chain loads to next-prog with the execvp(3) function.

next-prog may contain its own command line options, which unshare will ignore.

The namespaces un-shared are controlled by command-line options as follows:

[--mount]

The process switches to a private namespace of mounted filesystems.

[--network]

The process switches to a private namespace of network interfaces.

[--uts]

The process switches to a private namespace of UTS names.

[--ipc]

The process switches to a private namespace of IPC names.

[--process]

The process switches to a private namespace of process IDs.

[--user]

The process switches to a private namespace of user IDs.

The command will fail if the process is not running under the aegis of the superuser. Non-superusers are not permitted to unshare these things.
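The chain-loading sequence described above, as an added Linux-only sketch in C; it is not the utility's own source, and the mapping from each option to a CLONE_NEW* flag and the helper name parse_ns_options are assumptions made for illustration.

```c
#define _GNU_SOURCE
#include <sched.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Assumed mapping from this page's options to unshare(2) flags. */
static const struct { const char *opt; int flag; } ns_opts[] = {
    { "--mount",   CLONE_NEWNS   },
    { "--network", CLONE_NEWNET  },
    { "--uts",     CLONE_NEWUTS  },
    { "--ipc",     CLONE_NEWIPC  },
    { "--process", CLONE_NEWPID  },  /* applies to children of the caller */
    { "--user",    CLONE_NEWUSER },
};

/* Consume leading namespace options and stop at the first non-option
 * word, which is next-prog; its own options are never examined.
 * Returns the flag mask, or -1 on an unknown option or a missing
 * next-prog. *prog_index receives the argv index of next-prog. */
int parse_ns_options(int argc, char *const argv[], int *prog_index)
{
    int flags = 0, i;
    for (i = 1; i < argc && argv[i][0] == '-'; ++i) {
        size_t k, n = sizeof ns_opts / sizeof ns_opts[0];
        for (k = 0; k < n && strcmp(argv[i], ns_opts[k].opt) != 0; ++k)
            ;
        if (k == n) return -1;
        flags |= ns_opts[k].flag;
    }
    if (i >= argc) return -1;
    *prog_index = i;
    return flags;
}

int main(int argc, char *argv[])
{
    int idx, flags = parse_ns_options(argc, argv, &idx);
    if (flags < 0) {
        fprintf(stderr, "usage: %s [options] next-prog\n", argv[0]);
        return 1;
    }
    /* Fail closed: never run next-prog in the still-shared namespaces. */
    if (unshare(flags) < 0) { perror("unshare"); return 1; }
    execvp(argv[idx], argv + idx);
    perror(argv[idx]);  /* reached only if execvp failed */
    return 1;
}
```

Comparing the targets of the /proc/self/ns/ symbolic links inside and outside next-prog confirms which namespaces actually became private.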

Author

Jonathan de Boyne Pollard