Questions tagged [unshare]
39 questions
16 votes, 3 answers
Simulate chroot with unshare
I am trying to write a bootstrapper for a minimal, from-source Linux distribution.
I would like to build in a chroot-like environment. This should simplify packaging. I do not care about security at this point. The bootstrapper should not require…
Rooties
- 161
- 1
- 4
11 votes, 1 answer
unshare --map-root-user switch to original uid/username after setup
I'm using unshare to create per process mounts, which is working perfectly fine by
unshare -m --map-root-user
However, after having created my bind-mounts by
mount --bind src dst
I want to change the UID to my original user, so that whoami (and…
spawn
- 179
- 1
- 7
10 votes, 1 answer
Losing permissions by adding capability?
I observed the following phenomenon that I cannot explain. After adding the CAP_SYS_ADMIN capability, unshare is no longer able to write to /proc/self/setgroups.
In fact, writing to this file requires the capability, but that is achieved by…
koalo
- 315
- 2
- 15
7 votes, 2 answers
How can I check if cgroups are available on my Linux host?
Is there a command to check if the container services are running on a Linux system? Someone suggested unshare but I am not sure if that is the best way to do it.
codeforester
- 722
- 2
- 8
- 23
7 votes, 2 answers
Mounting a file system image inside an unshared namespace
I'm using unshare to perform things like bind mounts local to a certain process without requiring root access, e.g.:
unshare -mr bash mount --bind a b
(Yes, this seems kinda dumb; in my actual use case, unshare is running a bash script that…
kirbyfan64sos
- 236
- 2
- 7
6 votes, 1 answer
How are time namespaces supposed to be used?
I thought I could do something like:
sudo unshare -T bash -c 'date -s "$1" && foobar' sh "$(date -d -1day)"
so foobar would see a different system time from the rest of the system. However, it seems the change of system time is not contained. It…
JoL
- 4,520
- 15
- 35
6 votes, 1 answer
Why can I not bind a mount namespace to a file
I observe the following:
As unprivileged user in shell No 1:
user@box:~$ sysctl kernel.unprivileged_userns_clone
kernel.unprivileged_userns_clone = 1
user@box:~$ unshare --mount --user
nobody@box:~$ echo $$
18655
And as root in shell No…
stefan
- 1,081
- 1
- 7
- 16
6 votes, 1 answer
How to prevent a process from writing to the systemd journal?
I am using a third party .NET Core application (a binary distribution used by a VS Code extension) that unfortunately has diagnostic logging enabled with no apparent way to disable it (I did already report this to the authors). The ideal solution…
Matthijs Steen
- 253
- 1
- 7
6 votes, 1 answer
Why does unshare based killing only work reliably with --fork?
From this answer we have learned that you can implement reliable killing of entire process subtrees with Linux PID namespaces via unshare -p.
Here is a problem with it that I don't understand:
It only works when I use the -f/--fork option to…
nh2
- 1,611
- 2
- 14
- 22
4 votes, 1 answer
How do you get the child pid of `unshare` when using --fork for `nsenter -t `?
When using unshare --pid --fork, the nsenter command must attach to the child pid not the unshare pid to get to the right pid namespace.
I can get unshare's pid as follows:
unshare --pid --mount --fork --mount-proc bash &
echo PID: $!
fg
but I…
KJ7LNW
- 273
- 1
- 8
3 votes, 2 answers
Can't `chown` with `unshare`
I run unshare -r touch file. However, unshare -r chown nobody file gives me Invalid argument. Why?
DrownedSuccess
- 93
- 5
3 votes, 1 answer
How can I use a bind mount in a network namespace?
I have an app I run in a network namespace. This works well.
I want to run the app multiple times, in different namespaces. For convenience, I want to bind mount the app's working directory to something like /tmp/nsX, inside of the namespace.
If I…
sea chub
- 195
- 7
3 votes, 0 answers
unshare with supplementary groups
On my Linux machine, I (my user) have a main group and multiple other groups (note I belong to group 150):
$ id -u; id -g; id -G
1000
1000
1000 6 21 91 97 150 190 465 996 1003
I need to isolate a command into a user namespace. I use unshare --user…
audeoudh
- 131
- 3
3 votes, 1 answer
Why is it possible to create other namespaces without real root using user namespaces?
When using the command unshare to create namespaces, if you are not root on the host machine and create any namespace but the user type, you will receive this error: Operation not permitted. Obviously, running as root will make it work.
So, if…
Vitor Falcão
- 49
- 1
- 7
3 votes, 0 answers
How to make unshare(CLONE_NEWUSER) succeed after chroot?
My call to unshare(CLONE_NEWUSER) when called as a non-root user returns EPERM because of this (http://man7.org/linux/man-pages/man2/unshare.2.html):
EPERM (since Linux 3.9)
CLONE_NEWUSER was specified in flags and the caller is in…
pts
- 1,041
- 13
- 22