Diffstat (limited to '')
-rw-r--r-- sys-utils/nsenter.1 269
1 files changed, 269 insertions, 0 deletions
diff --git a/sys-utils/nsenter.1 b/sys-utils/nsenter.1
new file mode 100644
index 0000000..5674f8d
--- /dev/null
+++ b/sys-utils/nsenter.1
@@ -0,0 +1,269 @@
+.TH NSENTER 1 "June 2013" "util-linux" "User Commands"
+.SH NAME
+nsenter \- run program in different namespaces
+.SH SYNOPSIS
+.B nsenter
+[options]
+.RI [ program
+.RI [ arguments ]]
+.SH DESCRIPTION
+The
+.B nsenter
+command executes
+.I program
+in the namespace(s) that are specified in the command-line options
+(described below).
+If \fIprogram\fP is not given, then ``${SHELL}'' is run (default: /bin\:/sh).
+.PP
+Enterable namespaces are:
+.TP
+.B mount namespace
+Mounting and unmounting filesystems will not affect the rest of the system,
+except for filesystems which are explicitly marked as shared (with
+\fBmount --make-\:shared\fP; see \fI/proc\:/self\:/mountinfo\fP for the
+\fBshared\fP flag).
+For further details, see
+.BR mount_namespaces (7)
+and the discussion of the
+.B CLONE_NEWNS
+flag in
+.BR clone (2).
+.TP
+.B UTS namespace
+Setting hostname or domainname will not affect the rest of the system.
+For further details, see
+.BR uts_namespaces (7).
+.TP
+.B IPC namespace
+The process will have an independent namespace for POSIX message queues
+as well as System V message queues,
+semaphore sets and shared memory segments.
+For further details, see
+.BR ipc_namespaces (7).
+.TP
+.B network namespace
+The process will have independent IPv4 and IPv6 stacks, IP routing tables,
+firewall rules, the
+.I /proc\:/net
+and
+.I /sys\:/class\:/net
+directory trees, sockets, etc.
+For further details, see
+.BR network_namespaces (7).
+.TP
+.B PID namespace
+Children will have a set of PID to process mappings separate from the
+.B nsenter
+process.
+.B nsenter
+will fork by default if changing the PID namespace, so that the new program
+and its children share the same PID namespace and are visible to each other.
+If \fB\-\-no\-fork\fP is used, the new program will be exec'ed without forking.
+For further details, see
+.BR pid_namespaces (7).
+.TP
+.B user namespace
+The process will have a distinct set of UIDs, GIDs and capabilities.
+For further details, see
+.BR user_namespaces (7).
+.TP
+.B cgroup namespace
+The process will have a virtualized view of \fI/proc\:/self\:/cgroup\fP, and new
+cgroup mounts will be rooted at the namespace cgroup root.
+For further details, see
+.BR cgroup_namespaces (7).
+.TP
+.B time namespace
+The process can have a distinct view of
+.B CLOCK_MONOTONIC
+and/or
+.B CLOCK_BOOTTIME
+which can be changed using \fI/proc/self/timens_offsets\fP.
+For further details, see
+.BR time_namespaces (7).
+.SH OPTIONS
+Various of the options below that relate to namespaces take an optional
+.I file
+argument.
+This should be one of the
+.I /proc/[pid]/ns/*
+files described in
+.BR namespaces (7),
+or the pathname of a bind mount that was created on one of those files.
+.TP
+\fB\-a\fR, \fB\-\-all\fR
+Enter all namespaces of the target process by the default
+.I /proc/[pid]/ns/*
+namespace paths. The default paths to the target process namespaces may be
+overwritten by namespace specific options (e.g., --all --mount=[path]).
+
+The user namespace will be ignored if the same as the caller's current user
+namespace. It prevents a caller that has dropped capabilities from regaining
+those capabilities via a call to setns(). See
+.BR setns (2)
+for more details.
+.TP
+\fB\-t\fR, \fB\-\-target\fR \fIpid\fP
+Specify a target process to get contexts from. The paths to the contexts
+specified by
+.I pid
+are:
+.RS
+.PD 0
+.IP "" 20
+.TP
+/proc/\fIpid\fR/ns/mnt
+the mount namespace
+.TP
+/proc/\fIpid\fR/ns/uts
+the UTS namespace
+.TP
+/proc/\fIpid\fR/ns/ipc
+the IPC namespace
+.TP
+/proc/\fIpid\fR/ns/net
+the network namespace
+.TP
+/proc/\fIpid\fR/ns/pid
+the PID namespace
+.TP
+/proc/\fIpid\fR/ns/user
+the user namespace
+.TP
+/proc/\fIpid\fR/ns/cgroup
+the cgroup namespace
+.TP
+/proc/\fIpid\fR/ns/time
+the time namespace
+.TP
+/proc/\fIpid\fR/root
+the root directory
+.TP
+/proc/\fIpid\fR/cwd
+the working directory respectively
+.PD
+.RE
+.TP
+\fB\-m\fR, \fB\-\-mount\fR[=\fIfile\fR]
+Enter the mount namespace. If no file is specified, enter the mount namespace
+of the target process.
+If
+.I file
+is specified, enter the mount namespace
+specified by
+.IR file .
+.TP
+\fB\-u\fR, \fB\-\-uts\fR[=\fIfile\fR]
+Enter the UTS namespace. If no file is specified, enter the UTS namespace of
+the target process.
+If
+.I file
+is specified, enter the UTS namespace specified by
+.IR file .
+.TP
+\fB\-i\fR, \fB\-\-ipc\fR[=\fIfile\fR]
+Enter the IPC namespace. If no file is specified, enter the IPC namespace of
+the target process.
+If
+.I file
+is specified, enter the IPC namespace specified by
+.IR file .
+.TP
+\fB\-n\fR, \fB\-\-net\fR[=\fIfile\fR]
+Enter the network namespace. If no file is specified, enter the network
+namespace of the target process.
+If
+.I file
+is specified, enter the network namespace specified by
+.IR file .
+.TP
+\fB\-p\fR, \fB\-\-pid\fR[=\fIfile\fR]
+Enter the PID namespace. If no file is specified, enter the PID namespace of
+the target process.
+If
+.I file
+is specified, enter the PID namespace specified by
+.IR file .
+.TP
+\fB\-U\fR, \fB\-\-user\fR[=\fIfile\fR]
+Enter the user namespace. If no file is specified, enter the user namespace of
+the target process.
+If
+.I file
+is specified, enter the user namespace specified by
+.IR file .
+See also the \fB\-\-setuid\fR and \fB\-\-setgid\fR options.
+.TP
+\fB\-C\fR, \fB\-\-cgroup\fR[=\fIfile\fR]
+Enter the cgroup namespace. If no file is specified, enter the cgroup namespace of
+the target process.
+If
+.I file
+is specified, enter the cgroup namespace specified by
+.IR file .
+.TP
+\fB\-T\fR, \fB\-\-time\fR[=\fIfile\fR]
+Enter the time namespace. If no file is specified, enter the time namespace of
+the target process.
+If
+.I file
+is specified, enter the time namespace specified by
+.IR file .
+.TP
+\fB\-G\fR, \fB\-\-setgid\fR \fIgid\fR
+Set the group ID which will be used in the entered namespace and drop
+supplementary groups.
+.BR nsenter (1)
+always sets GID for user namespaces, the default is 0.
+.TP
+\fB\-S\fR, \fB\-\-setuid\fR \fIuid\fR
+Set the user ID which will be used in the entered namespace.
+.BR nsenter (1)
+always sets UID for user namespaces, the default is 0.
+.TP
+\fB\-\-preserve\-credentials\fR
+Don't modify UID and GID when enter user namespace. The default is to
+drops supplementary groups and sets GID and UID to 0.
+.TP
+\fB\-r\fR, \fB\-\-root\fR[=\fIdirectory\fR]
+Set the root directory. If no directory is specified, set the root directory to
+the root directory of the target process. If directory is specified, set the
+root directory to the specified directory.
+.TP
+\fB\-w\fR, \fB\-\-wd\fR[=\fIdirectory\fR]
+Set the working directory. If no directory is specified, set the working
+directory to the working directory of the target process. If directory is
+specified, set the working directory to the specified directory.
+.TP
+\fB\-F\fR, \fB\-\-no\-fork\fR
+Do not fork before exec'ing the specified program. By default, when entering a
+PID namespace, \fBnsenter\fP calls \fBfork\fP before calling \fBexec\fP so that
+any children will also be in the newly entered PID namespace.
+.TP
+\fB\-Z\fR, \fB\-\-follow\-context\fR
+Set the SELinux security context used for executing a new process according to
+already running process specified by \fB\-\-target\fR PID. (The util-linux has
+to be compiled with SELinux support otherwise the option is unavailable.)
+.TP
+\fB\-V\fR, \fB\-\-version\fR
+Display version information and exit.
+.TP
+\fB\-h\fR, \fB\-\-help\fR
+Display help text and exit.
+.SH AUTHORS
+.UR biederm@xmission.com
+Eric Biederman
+.UE
+.br
+.UR kzak@redhat.com
+Karel Zak
+.UE
+.SH SEE ALSO
+.BR clone (2),
+.BR setns (2),
+.BR namespaces (7)
+.SH AVAILABILITY
+The nsenter command is part of the util-linux package and is available from
+.UR https://\:www.kernel.org\:/pub\:/linux\:/utils\:/util-linux/
+Linux Kernel Archive
+.UE .
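Review bot: The \-\-preserve\-credentials entry ("Don't modify UID and GID when enter user namespace. The default is to drops supplementary groups and sets GID and UID to 0.") is ungrammatical and disagrees with the \-G and \-S entries, which both say nsenter "always sets" the GID and UID for user namespaces. Suggest "Don't modify UID and GID when entering a user namespace. The default is to drop supplementary groups and set GID and UID to 0.", and in \-G and \-S replace "always sets" with wording that excepts \-\-preserve\-credentials, since a reader working out which credentials the program will run with needs these three entries to agree. Smaller points in the same hunk: the \-a entry writes "--all --mount=[path]" with unescaped hyphens while the other options use \-\-; "the working directory respectively" in the \-\-target list has a stray "respectively"; and SEE ALSO lists only clone(2), setns(2) and namespaces(7), omitting the per-namespace pages such as user_namespaces(7) and pid_namespaces(7) that DESCRIPTION points to.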