.TH NSENTER 1 "June 2013" "util-linux" "User Commands"
.SH NAME
nsenter \- run program with namespaces of other processes
.SH SYNOPSIS
.B nsenter
[options]
.RI [ program
.RI [ arguments ]]
.SH DESCRIPTION
Enters the namespaces of one or more other processes and then executes the specified
program. Enterable namespaces are:
.TP
.B mount namespace
Mounting and unmounting filesystems will not affect the rest of the system
.RB ( CLONE_\:NEWNS
flag), except for filesystems which are explicitly marked as shared (with
\fBmount --make-\:shared\fP; see \fI/proc\:/self\:/mountinfo\fP for the
\fBshared\fP flag).
.TP
.B UTS namespace
Setting hostname or domainname will not affect the rest of the system
.RB ( CLONE_\:NEWUTS
flag).
.TP
.B IPC namespace
The process will have an independent namespace for System V message queues,
semaphore sets and shared memory segments
.RB ( CLONE_\:NEWIPC
flag).
.TP
.B network namespace
The process will have independent IPv4 and IPv6 stacks, IP routing tables,
firewall rules, the
.I /proc\:/net
and
.I /sys\:/class\:/net
directory trees, sockets, etc.
.RB ( CLONE_\:NEWNET
flag).
.TP
.B PID namespace
Children will have a set of PID-to-process mappings separate from the
.B nsenter
process
.RB ( CLONE_\:NEWPID
flag).
.B nsenter
will fork by default if changing the PID namespace, so that the new program
and its children share the same PID namespace and are visible to each other.
If \fB\-\-no\-fork\fP is used, the new program will be exec'ed without forking.
.TP
.B user namespace
The process will have a distinct set of UIDs, GIDs and capabilities
.RB ( CLONE_\:NEWUSER
flag).
.PP
See \fBclone\fP(2) for the exact semantics of the flags.
.PP
If \fIprogram\fP is not given, then ``${SHELL}'' is run (default: /bin\:/sh).
.SH OPTIONS
.TP
\fB\-t\fR, \fB\-\-target\fR \fIpid\fP
Specify a target process to get contexts from. The paths to the contexts
specified by
.I pid
are:
.RS
.PD 0
.IP "" 20
.TP
/proc/\fIpid\fR/ns/mnt
the mount namespace
.TP
/proc/\fIpid\fR/ns/uts
the UTS namespace
.TP
/proc/\fIpid\fR/ns/ipc
the IPC namespace
.TP
/proc/\fIpid\fR/ns/net
the network namespace
.TP
/proc/\fIpid\fR/ns/pid
the PID namespace
.TP
/proc/\fIpid\fR/ns/user
the user namespace
.TP
/proc/\fIpid\fR/root
the root directory
.TP
/proc/\fIpid\fR/cwd
the working directory respectively
.PD
.RE
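.IP
The namespace paths listed above are symbolic links whose targets identify the namespace, so comparing them for two processes shows which namespaces entering the target would actually change. The script below is an added example, not part of util-linux; the function names, the optional proc-root argument, and the sample PIDs and inode numbers are assumptions constructed for illustration.

```shell
# Added example (not util-linux code): compare /proc/<pid>/ns/* links of two
# processes to see which namespaces "nsenter --target" would actually change.
# The optional PROC_ROOT argument (default /proc) is an assumption of this
# example so that it can be pointed at a constructed tree.
# ns_diff PID_A PID_B [PROC_ROOT] -> "<ns> shared|separate|unknown" per line
ns_diff() {
    root=${3:-/proc}
    for ns in mnt uts ipc net pid user; do
        la=$(readlink "$root/$1/ns/$ns" 2>/dev/null) || la=
        lb=$(readlink "$root/$2/ns/$ns" 2>/dev/null) || lb=
        if [ -z "$la" ] || [ -z "$lb" ]; then
            echo "$ns unknown"      # link missing or not readable by us
        elif [ "$la" = "$lb" ]; then
            echo "$ns shared"       # same namespace: entering changes nothing
        else
            echo "$ns separate"
        fi
    done
}

# nsenter_opts PID_A PID_B [PROC_ROOT] -> long options from OPTIONS selecting
# only the namespaces in which PID_B differs from PID_A
nsenter_opts() {
    ns_diff "$1" "$2" "${3:-/proc}" | while read -r ns state; do
        [ "$state" = separate ] || continue
        case $ns in
            mnt) printf '%s ' --mount ;;
            *)   printf '%s ' "--$ns" ;;
        esac
    done
}

# Constructed sample: PID 1 is the host, PID 4242 a contained process that
# shares only the host's user namespace. The inode numbers are made up.
make_sample() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/1/ns" "$d/4242/ns"
    for ns in mnt uts ipc net pid user; do
        ln -s "$ns:[4026531840]" "$d/1/ns/$ns"
        [ "$ns" = user ] && n=4026531840 || n=4026532200
        ln -s "$ns:[$n]" "$d/4242/ns/$ns"
    done
    echo "$d"
}

sample=$(make_sample)
ns_diff 1 4242 "$sample"
echo "nsenter --target 4242 $(nsenter_opts 1 4242 "$sample")"
rm -rf "$sample"
```

A process that reports every namespace as shared with PID 1 has no namespace isolation from the host, which is worth checking when auditing a container runtime's configuration.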
.TP
\fB\-m\fR, \fB\-\-mount\fR[=\fIfile\fR]
Enter the mount namespace. If no file is specified, enter the mount namespace
of the target process. If file is specified, enter the mount namespace
specified by file.
.TP
\fB\-u\fR, \fB\-\-uts\fR[=\fIfile\fR]
Enter the UTS namespace. If no file is specified, enter the UTS namespace of
the target process. If file is specified, enter the UTS namespace specified by
file.
.TP
\fB\-i\fR, \fB\-\-ipc\fR[=\fIfile\fR]
Enter the IPC namespace. If no file is specified, enter the IPC namespace of
the target process. If file is specified, enter the IPC namespace specified by
file.
.TP
\fB\-n\fR, \fB\-\-net\fR[=\fIfile\fR]
Enter the network namespace. If no file is specified, enter the network
namespace of the target process. If file is specified, enter the network
namespace specified by file.
.TP
\fB\-p\fR, \fB\-\-pid\fR[=\fIfile\fR]
Enter the PID namespace. If no file is specified, enter the PID namespace of
the target process. If file is specified, enter the PID namespace specified by
file.
.TP
\fB\-U\fR, \fB\-\-user\fR[=\fIfile\fR]
Enter the user namespace. If no file is specified, enter the user namespace of
the target process. If file is specified, enter the user namespace specified by
file. See also the \fB\-\-setuid\fR and \fB\-\-setgid\fR options.
.TP
\fB\-G\fR, \fB\-\-setgid\fR \fIgid\fR
Set the group ID which will be used in the entered namespace and drop
supplementary groups.
.BR nsenter (1)
always sets GID for user namespaces; the default is 0.
.TP
\fB\-S\fR, \fB\-\-setuid\fR \fIuid\fR
Set the user ID which will be used in the entered namespace.
.BR nsenter (1)
always sets UID for user namespaces; the default is 0.
.TP
\fB\-r\fR, \fB\-\-root\fR[=\fIdirectory\fR]
Set the root directory. If no directory is specified, set the root directory to
the root directory of the target process. If directory is specified, set the
root directory to the specified directory.
.TP
\fB\-w\fR, \fB\-\-wd\fR[=\fIdirectory\fR]
Set the working directory. If no directory is specified, set the working
directory to the working directory of the target process. If directory is
specified, set the working directory to the specified directory.
.TP
\fB\-F\fR, \fB\-\-no\-fork\fR
Do not fork before exec'ing the specified program. By default, when entering a
PID namespace, \fBnsenter\fP calls \fBfork\fP before calling \fBexec\fP so that
any children will also be in the newly entered PID namespace.
.TP
\fB\-V\fR, \fB\-\-version\fR
Display version information and exit.
.TP
\fB\-h\fR, \fB\-\-help\fR
Display help text and exit.
.SH SEE ALSO
.BR setns (2),
.BR clone (2)
.SH AUTHOR
.MT ebiederm@xmission.com
Eric Biederman
.ME
.SH AVAILABILITY
The nsenter command is part of the util-linux package and is available from
.UR ftp://\:ftp.kernel.org\:/pub\:/linux\:/utils\:/util-linux/
Linux Kernel Archive
.UE .