155 lines
4.4 KiB
Groff
155 lines
4.4 KiB
Groff
.TH NSENTER 1 "January 2013" "util-linux" "User Commands"
|
|
.SH NAME
|
|
nsenter \- run program with namespaces of other processes
|
|
.SH SYNOPSIS
|
|
.B nsenter
|
|
.RI [ options ]
|
|
program
|
|
.RI [ arguments ]
|
|
.SH DESCRIPTION
|
|
Enters the contexts of one or more other processes and then executes specified
|
|
program. Enterable namespaces are:
|
|
.TP
|
|
.B mount namespace
|
|
mounting and unmounting filesystems will not affect rest of the system
|
|
.RB ( CLONE_\:NEWNS
|
|
flag), except for filesystems which are explicitly marked as shared (by mount
|
|
--make-\:shared). See /proc\:/self\:/mountinfo for the shared flags.
|
|
.TP
|
|
.B UTS namespace
|
|
setting hostname, domainname will not affect rest of the system
|
|
.RB ( CLONE_\:NEWUTS
|
|
flag).
|
|
.TP
|
|
.B IPC namespace
|
|
process will have independent namespace for System V message queues, semaphore
|
|
sets and shared memory segments
|
|
.RB ( CLONE_\:NEWIPC
|
|
flag).
|
|
.TP
|
|
.B network namespace
|
|
process will have independent IPv4 and IPv6 stacks, IP routing tables, firewall
|
|
rules, the
|
|
.I /proc\:/net
|
|
and
|
|
.I /sys\:/class\:/net
|
|
directory trees, sockets etc.
|
|
.RB ( CLONE_\:NEWNET
|
|
flag).
|
|
.TP
|
|
.B pid namespace
|
|
children will have a distinct set of pid to process mappings thantheir parent.
|
|
.RB ( CLONE_\:NEWPID
|
|
flag).
|
|
.TP
|
|
.B user namespace
|
|
process will have distinct set of uids, gids and capabilities.
|
|
.RB ( CLONE_\:NEWUSER
|
|
flag).
|
|
.TP
|
|
See the
|
|
.BR clone (2)
|
|
for exact semantics of the flags.
|
|
.SH OPTIONS
|
|
Argument with square brakets, such as [\fIfile\fR], means optional argument.
|
|
Command line syntax to specify optional argument \-\-mount=/path\:/to\:/file.
|
|
Please notice the equals sign.
|
|
.TP
|
|
\fB\-t\fR, \fB\-\-target\fR \fIpid\fP
|
|
Specify a target process to get contexts from. The paths to the contexts
|
|
specified by
|
|
.I pid
|
|
are:
|
|
.RS
|
|
.PD 0
|
|
.IP "" 20
|
|
.TP
|
|
/proc/\fIpid\fR/ns/mnt
|
|
the mount namespace
|
|
.TP
|
|
/proc/\fIpid\fR/ns/uts
|
|
the uts namespace
|
|
.TP
|
|
/proc/\fIpid\fR/ns/ipc
|
|
the ipc namespace
|
|
.TP
|
|
/proc/\fIpid\fR/ns/net
|
|
the ipc namespace
|
|
.TP
|
|
/proc/\fIpid\fR/ns/pid
|
|
the pid namespace
|
|
.TP
|
|
/proc/\fIpid\fR/ns/user
|
|
the user namespace
|
|
.TP
|
|
/proc/\fIpid\fR/root
|
|
the root directory
|
|
.TP
|
|
/proc/\fIpid\fR/cw
|
|
the working directory respectively
|
|
.PD
|
|
.RE
|
|
.TP
|
|
\fB\-m\fR, \fB\-\-mount\fR [\fIfile\fR]
|
|
Enter the mount namespace. If no file is specified enter the mount namespace
|
|
of the target process. If file is specified enter the mount namespace
|
|
specified by file.
|
|
.TP
|
|
\fB\-u\fR, \fB\-\-uts\fR [\fIfile\fR]
|
|
Enter the uts namespace. If no file is specified enter the uts namespace of
|
|
the target process. If file is specified enter the uts namespace specified by
|
|
file.
|
|
.TP
|
|
\fB\-i\fR, \fB\-\-ipc\fR [\fIfile\fR]
|
|
Enter the IPC namespace. If no file is specified enter the IPC namespace of
|
|
the target process. If file is specified enter the uts namespace specified by
|
|
file.
|
|
.TP
|
|
\fB\-n\fR, \fB\-\-net\fR [\fIfile\fR]
|
|
Enter the network namespace. If no file is specified enter the network
|
|
namespace of the target process. If file is specified enter the network
|
|
namespace specified by file.
|
|
.TP
|
|
\fB\-p\fR, \fB\-\-pid\fR [\fIfile\fR]
|
|
Enter the pid namespace. If no file is specified enter the pid namespace of
|
|
the target process. If file is specified enter the pid namespace specified by
|
|
file.
|
|
.TP
|
|
\fB\-U\fR, \fB\-\-user\fR [\fIfile\fR]
|
|
Enter the user namespace. If no file is specified enter the user namespace of
|
|
the target process. If file is specified enter the user namespace specified by
|
|
file.
|
|
.TP
|
|
\fB\-r\fR, \fB\-\-root\fR [\fIdirectory\fR]
|
|
Set the root directory. If no directory is specified set the root directory to
|
|
the root directory of the target process. If directory is specified set the
|
|
root directory to the specified directory.
|
|
.TP
|
|
\fB\-w\fR, \fB\-\-wd\fR [\fIdirectory\fR]
|
|
Set the working directory. If no directory is specified set the working
|
|
directory to the working directory of the target process. If directory is
|
|
specified set the working directory to the specified directory.
|
|
.TP
|
|
\fB\-F\fR, \fB\-\-no-fork\fR
|
|
Do not fork before exec'ing the specified program. By default when entering a
|
|
pid namespace enter calls fork before calling exec so that the children will be
|
|
in the newly entered pid namespace.
|
|
.TP
|
|
\fB\-V\fR, \fB\-\-version\fR
|
|
Display version information and exit.
|
|
.TP
|
|
\fB\-h\fR, \fB\-\-help\fR
|
|
Print a help message.
|
|
.SH SEE ALSO
|
|
.BR setns (2),
|
|
.BR clone (2)
|
|
.SH AUTHOR
|
|
.MT ebiederm@xmission.com
|
|
Eric Biederman
|
|
.ME
|
|
.SH AVAILABILITY
|
|
The nsenter command is part of the util-linux package and is available from
|
|
.UR ftp://\:ftp.kernel.org\:/pub\:/linux\:/utils\:/util-linux/
|
|
Linux Kernel Archive
|
|
.UE .
|