lxc/doc/lxc-unshare.sgml.in

	lxc-unshare.sgml.in revision 810567bbbe283c547e4ac837545d1e592916df26
89a126810703c666309310d0f3189e9834d70b5bTimo Sirainen<!--
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainenlxc: linux Container library
16f816d3f3c32ae3351834253f52ddd0212bcbf3Timo Sirainen
e015e2f7e7f48874495f9df8b0dd192b7ffcb5ccTimo Sirainen(C) Copyright IBM Corp. 2007, 2008
e015e2f7e7f48874495f9df8b0dd192b7ffcb5ccTimo Sirainen
58be9d6bcc3800f5b3d76a064ee767fbe31a5a8aTimo SirainenAuthors:
1098fc409a45e7603701dc94635927a673bee0c1Timo SirainenDaniel Lezcano <dlezcano at fr.ibm.com>
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo SirainenSerge Hallyn <serge.hallyn at ubuntu.com>
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo SirainenThis library is free software; you can redistribute it and/or
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainenmodify it under the terms of the GNU Lesser General Public
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo SirainenLicense as published by the Free Software Foundation; either
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainenversion 2.1 of the License, or (at your option) any later version.
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo SirainenThis library is distributed in the hope that it will be useful,
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainenbut WITHOUT ANY WARRANTY; without even the implied warranty of
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo SirainenMERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo SirainenLesser General Public License for more details.
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo SirainenYou should have received a copy of the GNU Lesser General Public
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo SirainenLicense along with this library; if not, write to the Free Software
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo SirainenFoundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen-->
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen<!ENTITY commonoptions SYSTEM "@builddir@/common_options.sgml">
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen<!ENTITY seealso SYSTEM "@builddir@/see_also.sgml">
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen]>
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen<refentry>
fd2f5fbc1f07aa93e2214a28cdf02437fb7d06c8Timo Sirainen
ad850190d946d34966a56838cfdb216e021b5b5fTimo Sirainen  <docinfo><date>@LXC_GENERATE_DATE@</date></docinfo>
ad850190d946d34966a56838cfdb216e021b5b5fTimo Sirainen
ad850190d946d34966a56838cfdb216e021b5b5fTimo Sirainen  <refmeta>
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen    <refentrytitle>lxc-unshare</refentrytitle>
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen    <manvolnum>1</manvolnum>
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen  </refmeta>
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen  <refnamediv>
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen    <refname>lxc-unshare</refname>
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen    <refpurpose>
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen      Run a task in a new set of namespaces.
8aacc9e7c84f8376822823ec98c2f551d4919b2eTimo Sirainen    </refpurpose>
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen  </refnamediv>
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen  <refsynopsisdiv>
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen    <cmdsynopsis>
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen      <command>lxc-clone</command>
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen      <arg choice="req">-s <replaceable>namespaces</replaceable></arg>
1098fc409a45e7603701dc94635927a673bee0c1Timo Sirainen      <arg choice="req">-u <replaceable>user</replaceable></arg>
1098fc409a45e7603701dc94635927a673bee0c1Timo Sirainen      <arg choice="req">command</arg>
1098fc409a45e7603701dc94635927a673bee0c1Timo Sirainen    </cmdsynopsis>
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen  </refsynopsisdiv>
1098fc409a45e7603701dc94635927a673bee0c1Timo Sirainen
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen  <refsect1>
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen    <title>Description</title>
6e235046e1d8e9d89fc948f5c623676c20421a28Timo Sirainen
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen    <para>
d9fdacd5fb3e07997e5c389739d2054f0c8441d8Timo Sirainen      <command>lxc-unshare</command> can be used to run a task in a cloned set
d9fdacd5fb3e07997e5c389739d2054f0c8441d8Timo Sirainen      of namespaces.  This command is mainly provided for testing purposes.
d9fdacd5fb3e07997e5c389739d2054f0c8441d8Timo Sirainen      Despite its name, it always uses clone rather than unshare to create
d9fdacd5fb3e07997e5c389739d2054f0c8441d8Timo Sirainen      the new task with fresh namespaces.  Apart from testing kernel
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen      regressions this should make no difference.
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen    </para>
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen  </refsect1>
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen  <refsect1>
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen
abe7afb8f1766fbcef1b9df513109e43d7d16e49Timo Sirainen    <title>Options</title>
abe7afb8f1766fbcef1b9df513109e43d7d16e49Timo Sirainen
abe7afb8f1766fbcef1b9df513109e43d7d16e49Timo Sirainen    <variablelist>
abe7afb8f1766fbcef1b9df513109e43d7d16e49Timo Sirainen
abe7afb8f1766fbcef1b9df513109e43d7d16e49Timo Sirainen      <varlistentry>
abe7afb8f1766fbcef1b9df513109e43d7d16e49Timo Sirainen    <term>
abe7afb8f1766fbcef1b9df513109e43d7d16e49Timo Sirainen      <option>-s <replaceable>namespaces</replaceable></option>
3b20a37cb65c70f55e48dbdc912313fdacdab630Timo Sirainen    </term>
3b20a37cb65c70f55e48dbdc912313fdacdab630Timo Sirainen    <listitem>
3b20a37cb65c70f55e48dbdc912313fdacdab630Timo Sirainen      <para>
3b20a37cb65c70f55e48dbdc912313fdacdab630Timo Sirainen        Specify the namespaces to attach to, as a pipe-separated list,
3b20a37cb65c70f55e48dbdc912313fdacdab630Timo Sirainen        e.g. <replaceable>NETWORK|IPC</replaceable>. Allowed values are
51b979b6414b940f04677a7e2d064be119345954Timo Sirainen        <replaceable>MOUNT</replaceable>, <replaceable>PID</replaceable>,
abe7afb8f1766fbcef1b9df513109e43d7d16e49Timo Sirainen        <replaceable>UTSNAME</replaceable>, <replaceable>IPC</replaceable>,
abe7afb8f1766fbcef1b9df513109e43d7d16e49Timo Sirainen        <replaceable>USER </replaceable> and
abe7afb8f1766fbcef1b9df513109e43d7d16e49Timo Sirainen        <replaceable>NETWORK</replaceable>. This allows one to change
abe7afb8f1766fbcef1b9df513109e43d7d16e49Timo Sirainen        the context of the process to e.g. the network namespace of the
abe7afb8f1766fbcef1b9df513109e43d7d16e49Timo Sirainen        container while retaining the other namespaces as those of the
abe7afb8f1766fbcef1b9df513109e43d7d16e49Timo Sirainen        host.
abe7afb8f1766fbcef1b9df513109e43d7d16e49Timo Sirainen      </para>
abe7afb8f1766fbcef1b9df513109e43d7d16e49Timo Sirainen    </listitem>
69e03a846f6980144aa75bff0590c04852bffbbcTimo Sirainen      </varlistentry>
69e03a846f6980144aa75bff0590c04852bffbbcTimo Sirainen
69e03a846f6980144aa75bff0590c04852bffbbcTimo Sirainen      <varlistentry>
69e03a846f6980144aa75bff0590c04852bffbbcTimo Sirainen    <term>
69e03a846f6980144aa75bff0590c04852bffbbcTimo Sirainen      <option>-u <replaceable>user</replaceable></option>
69e03a846f6980144aa75bff0590c04852bffbbcTimo Sirainen    </term>
69e03a846f6980144aa75bff0590c04852bffbbcTimo Sirainen    <listitem>
69e03a846f6980144aa75bff0590c04852bffbbcTimo Sirainen      <para>
69e03a846f6980144aa75bff0590c04852bffbbcTimo Sirainen        Specify a user which the new task should become.  This option is
69e03a846f6980144aa75bff0590c04852bffbbcTimo Sirainen        only valid if a user namespace is unshared.
69e03a846f6980144aa75bff0590c04852bffbbcTimo Sirainen      </para>
69e03a846f6980144aa75bff0590c04852bffbbcTimo Sirainen    </listitem>
69e03a846f6980144aa75bff0590c04852bffbbcTimo Sirainen      </varlistentry>
69e03a846f6980144aa75bff0590c04852bffbbcTimo Sirainen
69e03a846f6980144aa75bff0590c04852bffbbcTimo Sirainen    </variablelist>
69e03a846f6980144aa75bff0590c04852bffbbcTimo Sirainen
69e03a846f6980144aa75bff0590c04852bffbbcTimo Sirainen  </refsect1>
69e03a846f6980144aa75bff0590c04852bffbbcTimo Sirainen
69e03a846f6980144aa75bff0590c04852bffbbcTimo Sirainen  <refsect1>
69e03a846f6980144aa75bff0590c04852bffbbcTimo Sirainen    <title>Examples</title>
69e03a846f6980144aa75bff0590c04852bffbbcTimo Sirainen      <para>
69e03a846f6980144aa75bff0590c04852bffbbcTimo Sirainen        To spawn a new shell with its own UTS (hostname) namespace,
69e03a846f6980144aa75bff0590c04852bffbbcTimo Sirainen        <programlisting>
69e03a846f6980144aa75bff0590c04852bffbbcTimo Sirainen          lxc-clone -s UTSNAME /bin/bash
69e03a846f6980144aa75bff0590c04852bffbbcTimo Sirainen        </programlisting>
69e03a846f6980144aa75bff0590c04852bffbbcTimo Sirainen    If the hostname is changed in that shell, the change will not be
69e03a846f6980144aa75bff0590c04852bffbbcTimo Sirainen    reflected on the host.
69e03a846f6980144aa75bff0590c04852bffbbcTimo Sirainen      </para>
69e03a846f6980144aa75bff0590c04852bffbbcTimo Sirainen      <para>
69e03a846f6980144aa75bff0590c04852bffbbcTimo Sirainen        To spawn a shell in a new network, pid, and mount namespace,
69e03a846f6980144aa75bff0590c04852bffbbcTimo Sirainen        <programlisting>
fd2f5fbc1f07aa93e2214a28cdf02437fb7d06c8Timo Sirainen          lxc-clone -s "NETWORK|PID|MOUNT" /bin/bash
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen        </programlisting>
6a19e109ee8c5a6f688da83a86a7f6abeb71abddTimo Sirainen    The resulting shell will have pid 1 and will see no network interfaces.
6a19e109ee8c5a6f688da83a86a7f6abeb71abddTimo Sirainen    After re-mounting /proc in that shell,
6a19e109ee8c5a6f688da83a86a7f6abeb71abddTimo Sirainen        <programlisting>
d9fdacd5fb3e07997e5c389739d2054f0c8441d8Timo Sirainen          mount -t proc proc /proc
d9fdacd5fb3e07997e5c389739d2054f0c8441d8Timo Sirainen        </programlisting>
69e03a846f6980144aa75bff0590c04852bffbbcTimo Sirainen    ps output will show there are no other processes in the namespace.
4b231ca0bbe3b536acbd350101e183441ce0247aTimo Sirainen      </para>
fd2f5fbc1f07aa93e2214a28cdf02437fb7d06c8Timo Sirainen  </refsect1>
fd2f5fbc1f07aa93e2214a28cdf02437fb7d06c8Timo Sirainen
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen  &seealso;
fd2f5fbc1f07aa93e2214a28cdf02437fb7d06c8Timo Sirainen
fd2f5fbc1f07aa93e2214a28cdf02437fb7d06c8Timo Sirainen  <refsect1>
c53e8ee216904ffe6de4f6518d9f9f5107b7610eTimo Sirainen    <title>Author</title>
c53e8ee216904ffe6de4f6518d9f9f5107b7610eTimo Sirainen    <para>Daniel Lezcano <email>daniel.lezcano@free.fr</email></para>
fd2f5fbc1f07aa93e2214a28cdf02437fb7d06c8Timo Sirainen  </refsect1>
fd2f5fbc1f07aa93e2214a28cdf02437fb7d06c8Timo Sirainen
df6478c4cf605bd81b3891c148b84c14eb6c4035Timo Sirainen</refentry>
fd2f5fbc1f07aa93e2214a28cdf02437fb7d06c8Timo Sirainen
fd2f5fbc1f07aa93e2214a28cdf02437fb7d06c8Timo Sirainen<!-- Keep this comment at the end of the file
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo SirainenLocal variables:
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainenmode: sgml
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainensgml-omittag:t
abe7afb8f1766fbcef1b9df513109e43d7d16e49Timo Sirainensgml-shorttag:t
1098fc409a45e7603701dc94635927a673bee0c1Timo Sirainensgml-minimize-attributes:nil
fd2f5fbc1f07aa93e2214a28cdf02437fb7d06c8Timo Sirainensgml-always-quote-attributes:t
fd2f5fbc1f07aa93e2214a28cdf02437fb7d06c8Timo Sirainensgml-indent-step:2
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainensgml-indent-data:t
e015e2f7e7f48874495f9df8b0dd192b7ffcb5ccTimo Sirainensgml-parent-document:nil
e015e2f7e7f48874495f9df8b0dd192b7ffcb5ccTimo Sirainensgml-default-dtd-file:nil
e015e2f7e7f48874495f9df8b0dd192b7ffcb5ccTimo Sirainensgml-exposed-tags:nil
6a19e109ee8c5a6f688da83a86a7f6abeb71abddTimo Sirainensgml-local-catalogs:nil
6a19e109ee8c5a6f688da83a86a7f6abeb71abddTimo Sirainensgml-local-ecat-files:nil
6a19e109ee8c5a6f688da83a86a7f6abeb71abddTimo SirainenEnd:
fd2f5fbc1f07aa93e2214a28cdf02437fb7d06c8Timo Sirainen-->
fd2f5fbc1f07aa93e2214a28cdf02437fb7d06c8Timo Sirainen