[mirror_lxc.git] / doc / lxc-unshare.sgml.in

<!--

lxc: linux Container library

(C) Copyright IBM Corp. 2007, 2008

Authors:
Daniel Lezcano <daniel.lezcano at free.fr>
Serge Hallyn <serge.hallyn at ubuntu.com>

This library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
License as published by the Free Software Foundation; either
version 2.1 of the License, or (at your option) any later version.

This library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
Lesser General Public License for more details.

You should have received a copy of the GNU Lesser General Public
License along with this library; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA

-->

<!DOCTYPE refentry PUBLIC @docdtd@ [

<!ENTITY commonoptions SYSTEM "@builddir@/common_options.sgml">
<!ENTITY seealso SYSTEM "@builddir@/see_also.sgml">
]>

<refentry>

  <docinfo><date>@LXC_GENERATE_DATE@</date></docinfo>

  <refmeta>
    <refentrytitle>lxc-unshare</refentrytitle>
    <manvolnum>1</manvolnum>
  </refmeta>

  <refnamediv>
    <refname>lxc-unshare</refname>

    <refpurpose>
      Run a task in a new set of namespaces.
    </refpurpose>
  </refnamediv>

  <refsynopsisdiv>
    <cmdsynopsis>
      <command>lxc-unshare</command>
      <arg choice="req">-s, --namespaces <replaceable>namespaces</replaceable></arg>
      <arg choice="opt">-u, --user <replaceable>user</replaceable></arg>
      <arg choice="opt">-H, --hostname <replaceable>hostname</replaceable></arg>
      <arg choice="opt">-i, --ifname <replaceable>ifname</replaceable></arg>
      <arg choice="opt">-d, --daemon</arg>
      <arg choice="opt">-M, --remount</arg>
      <arg choice="req">command</arg>
    </cmdsynopsis>
  </refsynopsisdiv>

  <refsect1>
    <title>Description</title>

    <para>
      <command>lxc-unshare</command> can be used to run a task in a cloned set
      of namespaces.  This command is mainly provided for testing purposes.
      Despite its name, it always uses clone rather than unshare to create
      the new task with fresh namespaces.  Apart from testing kernel
      regressions this should make no difference.
    </para>

  </refsect1>

  <refsect1>

    <title>Options</title>

    <variablelist>

      <varlistentry>
	<term>
	  <option>-s, --namespaces <replaceable>namespaces</replaceable></option>
	</term>
	<listitem>
	  <para>
	    Specify the namespaces to attach to, as a pipe-separated list,
	    e.g. <replaceable>NETWORK|IPC</replaceable>. Allowed values are
	    <replaceable>MOUNT</replaceable>, <replaceable>PID</replaceable>,
	    <replaceable>UTSNAME</replaceable>, <replaceable>IPC</replaceable>,
	    <replaceable>USER </replaceable> and
	    <replaceable>NETWORK</replaceable>. This allows one to change
	    the context of the process to e.g. the network namespace of the
	    container while retaining the other namespaces as those of the
	    host. (The pipe symbol needs to be escaped, e.g.
            <replaceable>MOUNT\|PID</replaceable> or quoted, e.g.
            <replaceable>"MOUNT|PID"</replaceable>.)
	  </para>
	</listitem>
      </varlistentry>

      <varlistentry>
	<term>
	  <option>-u, --user <replaceable>user</replaceable></option>
	</term>
	<listitem>
	  <para>
	    Specify a userid which the new task should become.
	  </para>
	</listitem>
      </varlistentry>

      <varlistentry>
	<term>
	  <option>-H, --hostname <replaceable>hostname</replaceable></option>
	</term>
	<listitem>
	  <para>
	    Set the hostname in the new container.  Only allowed if
	    the UTSNAME namespace is set.
	  </para>
	</listitem>
      </varlistentry>

      <varlistentry>
	<term>
	  <option>-i, --ifname <replaceable>interfacename</replaceable></option>
	</term>
	<listitem>
	  <para>
	    Move the named interface into the container.  Only allowed
	    if the NETWORK namespace is set.  You may specify this
	    argument multiple times to move multiple interfaces into
	    container.
	  </para>
	</listitem>
      </varlistentry>

      <varlistentry>
	<term>
	  <option>-d, --daemon</option>
	</term>
	<listitem>
	  <para>
	    Daemonize (do not wait for the container to exit before exiting)
	  </para>
	</listitem>
      </varlistentry>

      <varlistentry>
	<term>
	  <option>-M, --remount</option>
	</term>
	<listitem>
	  <para>
	    Mount default filesystems (/proc /dev/shm and /dev/mqueue)
	    in the container.  Only allowed if MOUNT namespace is set.
	  </para>
	</listitem>
      </varlistentry>

    </variablelist>

  </refsect1>

  <refsect1>
    <title>Examples</title>
      <para>
        To spawn a new shell with its own UTS (hostname) namespace,
        <programlisting>
          lxc-unshare -s UTSNAME /bin/bash
        </programlisting>
	If the hostname is changed in that shell, the change will not be
	reflected on the host.
      </para>
      <para>
        To spawn a shell in a new network, pid, and mount namespace,
        <programlisting>
          lxc-unshare -s "NETWORK|PID|MOUNT" /bin/bash
        </programlisting>
	The resulting shell will have pid 1 and will see no network interfaces.
	After re-mounting /proc in that shell,
        <programlisting>
          mount -t proc proc /proc
        </programlisting>
	ps output will show there are no other processes in the namespace.
      </para>
      <para>
        To spawn a shell in a new network, pid, mount, and hostname
        namespace.
        <programlisting>
          lxc-unshare -s "NETWORK|PID|MOUNT|UTSNAME" -M -H myhostname -i veth1 /bin/bash
        </programlisting>

	The resulting shell will have pid 1 and will see two network
	interfaces (lo and veth1).  The hostname will be "myhostname" and
	/proc will have been remounted.  ps output will show there are
	no other processes in the namespace.
      </para>
  </refsect1>

  &seealso;

  <refsect1>
    <title>Author</title>
    <para>Daniel Lezcano <email>daniel.lezcano@free.fr</email></para>
  </refsect1>

</refentry>

<!-- Keep this comment at the end of the file
Local variables:
mode: sgml
sgml-omittag:t
sgml-shorttag:t
sgml-minimize-attributes:nil
sgml-always-quote-attributes:t
sgml-indent-step:2
sgml-indent-data:t
sgml-parent-document:nil
sgml-default-dtd-file:nil
sgml-exposed-tags:nil
sgml-local-catalogs:nil
sgml-local-ecat-files:nil
End:
-->
Commit	Line	Data
810567bb SH	1	<!--
	2
	3	lxc: linux Container library
	4
	5	(C) Copyright IBM Corp. 2007, 2008
	6
	7	Authors:
9afe19d6	8	Daniel Lezcano <daniel.lezcano at free.fr>
810567bb SH	9	Serge Hallyn <serge.hallyn at ubuntu.com>
	10
	11	This library is free software; you can redistribute it and/or
	12	modify it under the terms of the GNU Lesser General Public
	13	License as published by the Free Software Foundation; either
	14	version 2.1 of the License, or (at your option) any later version.
	15
	16	This library is distributed in the hope that it will be useful,
	17	but WITHOUT ANY WARRANTY; without even the implied warranty of
	18	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	19	Lesser General Public License for more details.
	20
	21	You should have received a copy of the GNU Lesser General Public
	22	License along with this library; if not, write to the Free Software
250b1eec	23	Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
810567bb SH	24
	25	-->
	26
7f951458	27	<!DOCTYPE refentry PUBLIC @docdtd@ [
810567bb SH	28
	29	<!ENTITY commonoptions SYSTEM "@builddir@/common_options.sgml">
	30	<!ENTITY seealso SYSTEM "@builddir@/see_also.sgml">
	31	]>
	32
	33	<refentry>
	34
	35	<docinfo><date>@LXC_GENERATE_DATE@</date></docinfo>
	36
	37	<refmeta>
	38	<refentrytitle>lxc-unshare</refentrytitle>
	39	<manvolnum>1</manvolnum>
	40	</refmeta>
	41
	42	<refnamediv>
	43	<refname>lxc-unshare</refname>
	44
	45	<refpurpose>
	46	Run a task in a new set of namespaces.
	47	</refpurpose>
	48	</refnamediv>
	49
	50	<refsynopsisdiv>
	51	<cmdsynopsis>
1354f952	52	<command>lxc-unshare</command>
ca5a12bb	53	<arg choice="req">-s, --namespaces <replaceable>namespaces</replaceable></arg>
	54	<arg choice="opt">-u, --user <replaceable>user</replaceable></arg>
	55	<arg choice="opt">-H, --hostname <replaceable>hostname</replaceable></arg>
	56	<arg choice="opt">-i, --ifname <replaceable>ifname</replaceable></arg>
	57	<arg choice="opt">-d, --daemon</arg>
	58	<arg choice="opt">-M, --remount</arg>
810567bb SH	59	<arg choice="req">command</arg>
	60	</cmdsynopsis>
	61	</refsynopsisdiv>
	62
	63	<refsect1>
	64	<title>Description</title>
	65
	66	<para>
	67	<command>lxc-unshare</command> can be used to run a task in a cloned set
	68	of namespaces. This command is mainly provided for testing purposes.
	69	Despite its name, it always uses clone rather than unshare to create
	70	the new task with fresh namespaces. Apart from testing kernel
	71	regressions this should make no difference.
	72	</para>
	73
	74	</refsect1>
	75
	76	<refsect1>
	77
	78	<title>Options</title>
	79
	80	<variablelist>
	81
	82	<varlistentry>
	83	<term>
ca5a12bb	84	<option>-s, --namespaces <replaceable>namespaces</replaceable></option>
810567bb SH	85	</term>
	86	<listitem>
	87	<para>
	88	Specify the namespaces to attach to, as a pipe-separated list,
	89	e.g. <replaceable>NETWORK\|IPC</replaceable>. Allowed values are
	90	<replaceable>MOUNT</replaceable>, <replaceable>PID</replaceable>,
	91	<replaceable>UTSNAME</replaceable>, <replaceable>IPC</replaceable>,
	92	<replaceable>USER </replaceable> and
	93	<replaceable>NETWORK</replaceable>. This allows one to change
	94	the context of the process to e.g. the network namespace of the
	95	container while retaining the other namespaces as those of the
b922759d SY	96	host. (The pipe symbol needs to be escaped, e.g.
	97	<replaceable>MOUNT\\|PID</replaceable> or quoted, e.g.
	98	<replaceable>"MOUNT\|PID"</replaceable>.)
810567bb SH	99	</para>
	100	</listitem>
	101	</varlistentry>
	102
	103	<varlistentry>
	104	<term>
ca5a12bb	105	<option>-u, --user <replaceable>user</replaceable></option>
810567bb SH	106	</term>
	107	<listitem>
	108	<para>
13d8bde9	109	Specify a userid which the new task should become.
810567bb SH	110	</para>
	111	</listitem>
	112	</varlistentry>
	113
c1bb25a8 SR	114	<varlistentry>
c1bb25a8 SR	115	<term>
ca5a12bb	116	<option>-H, --hostname <replaceable>hostname</replaceable></option>
c1bb25a8 SR	117	</term>
	118	<listitem>
	119	<para>
	120	Set the hostname in the new container. Only allowed if
	121	the UTSNAME namespace is set.
	122	</para>
	123	</listitem>
	124	</varlistentry>
	125
	126	<varlistentry>
	127	<term>
ca5a12bb	128	<option>-i, --ifname <replaceable>interfacename</replaceable></option>
c1bb25a8 SR	129	</term>
	130	<listitem>
	131	<para>
	132	Move the named interface into the container. Only allowed
	133	if the NETWORK namespace is set. You may specify this
	134	argument multiple times to move multiple interfaces into
	135	container.
	136	</para>
	137	</listitem>
	138	</varlistentry>
	139
	140	<varlistentry>
	141	<term>
ca5a12bb	142	<option>-d, --daemon</option>
c1bb25a8 SR	143	</term>
	144	<listitem>
	145	<para>
	146	Daemonize (do not wait for the container to exit before exiting)
	147	</para>
	148	</listitem>
	149	</varlistentry>
	150
	151	<varlistentry>
	152	<term>
ca5a12bb	153	<option>-M, --remount</option>
c1bb25a8 SR	154	</term>
	155	<listitem>
	156	<para>
	157	Mount default filesystems (/proc /dev/shm and /dev/mqueue)
	158	in the container. Only allowed if MOUNT namespace is set.
	159	</para>
	160	</listitem>
	161	</varlistentry>
	162
810567bb SH	163	</variablelist>
	164
	165	</refsect1>
	166
	167	<refsect1>
	168	<title>Examples</title>
	169	<para>
	170	To spawn a new shell with its own UTS (hostname) namespace,
	171	<programlisting>
1354f952	172	lxc-unshare -s UTSNAME /bin/bash
810567bb SH	173	</programlisting>
	174	If the hostname is changed in that shell, the change will not be
	175	reflected on the host.
	176	</para>
	177	<para>
	178	To spawn a shell in a new network, pid, and mount namespace,
	179	<programlisting>
1354f952	180	lxc-unshare -s "NETWORK\|PID\|MOUNT" /bin/bash
810567bb SH	181	</programlisting>
	182	The resulting shell will have pid 1 and will see no network interfaces.
	183	After re-mounting /proc in that shell,
	184	<programlisting>
	185	mount -t proc proc /proc
	186	</programlisting>
	187	ps output will show there are no other processes in the namespace.
	188	</para>
c1bb25a8 SR	189	<para>
	190	To spawn a shell in a new network, pid, mount, and hostname
	191	namespace.
	192	<programlisting>
08401048	193	lxc-unshare -s "NETWORK\|PID\|MOUNT\|UTSNAME" -M -H myhostname -i veth1 /bin/bash
c1bb25a8 SR	194	</programlisting>
	195
	196	The resulting shell will have pid 1 and will see two network
08401048	197	interfaces (lo and veth1). The hostname will be "myhostname" and
c1bb25a8 SR	198	/proc will have been remounted. ps output will show there are
	199	no other processes in the namespace.
	200	</para>
810567bb SH	201	</refsect1>
	202
	203	&seealso;
	204
	205	<refsect1>
	206	<title>Author</title>
	207	<para>Daniel Lezcano <email>daniel.lezcano@free.fr</email></para>
	208	</refsect1>
	209
	210	</refentry>
	211
	212	<!-- Keep this comment at the end of the file
	213	Local variables:
	214	mode: sgml
	215	sgml-omittag:t
	216	sgml-shorttag:t
	217	sgml-minimize-attributes:nil
	218	sgml-always-quote-attributes:t
	219	sgml-indent-step:2
	220	sgml-indent-data:t
	221	sgml-parent-document:nil
	222	sgml-default-dtd-file:nil
	223	sgml-exposed-tags:nil
	224	sgml-local-catalogs:nil
	225	sgml-local-ecat-files:nil
	226	End:
	227	-->