lxc-unshare.sgml.in revision a5ba96715d4ef264c43d4f187251de491ba198c0
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumilxc: linux Container library
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumi(C) Copyright IBM Corp. 2007, 2008
57da8c32f85c0255efa61ee32e260068afdaa565KATOH YasufumiDaniel Lezcano <daniel.lezcano at free.fr>
57da8c32f85c0255efa61ee32e260068afdaa565KATOH YasufumiSerge Hallyn <serge.hallyn at ubuntu.com>
57da8c32f85c0255efa61ee32e260068afdaa565KATOH YasufumiThis library is free software; you can redistribute it and/or
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumimodify it under the terms of the GNU Lesser General Public
57da8c32f85c0255efa61ee32e260068afdaa565KATOH YasufumiLicense as published by the Free Software Foundation; either
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumiversion 2.1 of the License, or (at your option) any later version.
57da8c32f85c0255efa61ee32e260068afdaa565KATOH YasufumiThis library is distributed in the hope that it will be useful,
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumibut WITHOUT ANY WARRANTY; without even the implied warranty of
57da8c32f85c0255efa61ee32e260068afdaa565KATOH YasufumiMERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
57da8c32f85c0255efa61ee32e260068afdaa565KATOH YasufumiLesser General Public License for more details.
57da8c32f85c0255efa61ee32e260068afdaa565KATOH YasufumiYou should have received a copy of the GNU Lesser General Public
57da8c32f85c0255efa61ee32e260068afdaa565KATOH YasufumiLicense along with this library; if not, write to the Free Software
a5ba96715d4ef264c43d4f187251de491ba198c0KATOH YasufumiFoundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
8900b9eb2514c07047541833286428572493a9fdStéphane GraberTranslated into Japanese
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumiby KATOH Yasufumi <karma at jazz.email.ne.jp>
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumi<!ENTITY commonoptions SYSTEM "@builddir@/common_options.sgml">
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumi<!ENTITY seealso SYSTEM "@builddir@/see_also.sgml">
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumi <docinfo><date>@LXC_GENERATE_DATE@</date></docinfo>
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumi Run a task in a new set of namespaces.
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumi タスクを新しい名前空間の組で実行する.
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumi </refpurpose>
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumi </refnamediv>
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumi <refsynopsisdiv>
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumi <cmdsynopsis>
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumi <arg choice="req">-s <replaceable>namespaces</replaceable></arg>
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumi <arg choice="req">-u <replaceable>user</replaceable></arg>
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumi </cmdsynopsis>
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumi </refsynopsisdiv>
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumi <command>lxc-unshare</command> can be used to run a task in a cloned set
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumi of namespaces. This command is mainly provided for testing purposes.
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumi Despite its name, it always uses clone rather than unshare to create
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumi the new task with fresh namespaces. Apart from testing kernel
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumi regressions this should make no difference.
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumi <command>lxc-unshare</command> はクローンされた名前空間の組の中でタスクを実行するのに使います.このコマンドは主にテスト目的で使います.このような名前であるにもかかわらず,このコマンドは常に,新しい名前空間で新しいタスクを作成するために unshare ではなく clone を使います.テスト中のカーネルの退行は別として,これで違いは生じないはずです.
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumi <variablelist>
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumi <varlistentry>
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumi <option>-s <replaceable>namespaces</replaceable></option>
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumi Specify the namespaces to attach to, as a pipe-separated list,
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumi e.g. <replaceable>NETWORK|IPC</replaceable>. Allowed values are
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumi <replaceable>MOUNT</replaceable>, <replaceable>PID</replaceable>,
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumi <replaceable>UTSNAME</replaceable>, <replaceable>IPC</replaceable>,
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumi <replaceable>USER </replaceable> and
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumi <replaceable>NETWORK</replaceable>. This allows one to change
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumi the context of the process to e.g. the network namespace of the
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumi container while retaining the other namespaces as those of the
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumi アタッチする名前空間を,パイプでつなげたリストで指定します.例えば <replaceable>NETWORK|IPC</replaceable> のようにです.指定できる値は <replaceable>MOUNT</replaceable>,<replaceable>PID</replaceable>,<replaceable>UTSNAME</replaceable>,<replaceable>IPC</replaceable>,<replaceable>USER </replaceable>,<replaceable>NETWORK</replaceable> です.これにより,プロセスのコンテキストを変更することができます.例えば,コンテナのネットワーク名前空間だけを変更し,他の名前空間をホストのものと同じものに保ったままにするというようなことです.
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumi </varlistentry>
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumi <varlistentry>
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumi <option>-u <replaceable>user</replaceable></option>
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumi Specify a user which the new task should become. This option is
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumi only valid if a user namespace is unshared.
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumi 新しいタスクを実行するユーザを指定します.このオプションはユーザ名前空間を unshare する時のみ有効です.
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumi </varlistentry>
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumi </variablelist>
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumi To spawn a new shell with its own UTS (hostname) namespace,
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumi <programlisting>
a5ba96715d4ef264c43d4f187251de491ba198c0KATOH Yasufumi lxc-unshare -s UTSNAME /bin/bash
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumi </programlisting>
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumi If the hostname is changed in that shell, the change will not be
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumi reflected on the host.
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumi 自身の UTS(hostname)名前空間でシェルを起動するには以下のように実行します.
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumi <programlisting>
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumi </programlisting>
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumi もし,そのシェル上でホスト名を変更しても,その変更はホストには反映されません.
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumi To spawn a shell in a new network, pid, and mount namespace,
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumi <programlisting>
a5ba96715d4ef264c43d4f187251de491ba198c0KATOH Yasufumi lxc-unshare -s "NETWORK|PID|MOUNT" /bin/bash
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumi </programlisting>
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumi The resulting shell will have pid 1 and will see no network interfaces.
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumi After re-mounting /proc in that shell,
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumi <programlisting>
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumi mount -t proc proc /proc
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumi </programlisting>
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumi ps output will show there are no other processes in the namespace.
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumi 新しいネットワーク,pid,マウント名前空間でシェルを起動するには以下のように実行します.
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumi <programlisting>
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumi </programlisting>
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumi その結果起動するシェルは pid が 1 となり,ネットワークインターフェースがないでしょう.そのシェル上で /proc を再マウントした後
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumi <programlisting>
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumi mount -t proc proc /proc
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumi </programlisting>
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumi ps の出力は,その名前空間内には他のプロセスが存在しない事を表示するでしょう.
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumi <para>Daniel Lezcano <email>daniel.lezcano@free.fr</email></para>
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumi<!-- Keep this comment at the end of the file
57da8c32f85c0255efa61ee32e260068afdaa565KATOH YasufumiLocal variables:
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumisgml-omittag:t
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumisgml-shorttag:t
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumisgml-minimize-attributes:nil
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumisgml-always-quote-attributes:t
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumisgml-indent-step:2
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumisgml-indent-data:t
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumisgml-parent-document:nil
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumisgml-default-dtd-file:nil
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumisgml-exposed-tags:nil
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumisgml-local-catalogs:nil
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumisgml-local-ecat-files:nil