Adding upstream version 4.22.0.upstream/4.22.0

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>

1 files changed, 1018 insertions, 0 deletions

diff --git a/templates/man1/unshare.1.pot b/templates/man1/unshare.1.pot
new file mode 100644
index 00000000..b864fa79
--- /dev/null
+++ b/templates/man1/unshare.1.pot
@@ -0,0 +1,1018 @@
+# SOME DESCRIPTIVE TITLE
+# Copyright (C) YEAR Free Software Foundation, Inc.
+# This file is distributed under the same license as the PACKAGE package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
+#
+#, fuzzy
+msgid ""
+msgstr ""
+"Project-Id-Version: PACKAGE VERSION\n"
+"POT-Creation-Date: 2023-08-27 17:31+0200\n"
+"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
+"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"Language-Team: LANGUAGE <LL@li.org>\n"
+"Language: \n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#. type: TH
+#: debian-bookworm opensuse-leap-15-6
+#, no-wrap
+msgid "UNSHARE"
+msgstr ""
+
+#. type: TH
+#: debian-bookworm
+#, no-wrap
+msgid "2022-05-11"
+msgstr ""
+
+#. type: TH
+#: debian-bookworm
+#, no-wrap
+msgid "util-linux 2.38.1"
+msgstr ""
+
+#. type: TH
+#: debian-bookworm opensuse-leap-15-6
+#, no-wrap
+msgid "User Commands"
+msgstr ""
+
+#. type: SH
+#: debian-bookworm opensuse-leap-15-6
+#, no-wrap
+msgid "NAME"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+msgid "unshare - run program in new namespaces"
+msgstr ""
+
+#. type: SH
+#: debian-bookworm opensuse-leap-15-6
+#, no-wrap
+msgid "SYNOPSIS"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+msgid "B<unshare> [options] [I<program> [I<arguments>]]"
+msgstr ""
+
+#. type: SH
+#: debian-bookworm opensuse-leap-15-6
+#, no-wrap
+msgid "DESCRIPTION"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+msgid ""
+"The B<unshare> command creates new namespaces (as specified by the command-"
+"line options described below) and then executes the specified I<program>. If "
+"I<program> is not given, then \"${SHELL}\" is run (default: I</bin/sh>)."
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm
+msgid ""
+"By default, a new namespace persists only as long as it has member "
+"processes. A new namespace can be made persistent even when it has no member "
+"processes by bind mounting /proc/I<pid>/ns/I<type> files to a filesystem "
+"path. A namespace that has been made persistent in this way can subsequently "
+"be entered with B<nsenter>(1) even after the I<program> terminates (except "
+"PID namespaces where a permanently running init process is required). Once a "
+"persistent namespace is no longer needed, it can be unpersisted by using "
+"B<umount>(8) to remove the bind mount. See the B<EXAMPLES> section for more "
+"details."
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+msgid ""
+"B<unshare> since util-linux version 2.36 uses I</proc/[pid]/ns/"
+"pid_for_children> and I</proc/[pid]/ns/time_for_children> files for "
+"persistent PID and TIME namespaces. This change requires Linux kernel 4.17 "
+"or newer."
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+msgid "The following types of namespaces can be created with B<unshare>:"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+msgid "B<mount namespace>"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+msgid ""
+"Mounting and unmounting filesystems will not affect the rest of the system, "
+"except for filesystems which are explicitly marked as shared (with B<mount --"
+"make-shared>; see I</proc/self/mountinfo> or B<findmnt -o+PROPAGATION> for "
+"the B<shared> flags). For further details, see B<mount_namespaces>(7)."
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+msgid ""
+"B<unshare> since util-linux version 2.27 automatically sets propagation to "
+"B<private> in a new mount namespace to make sure that the new namespace is "
+"really unshared. It\\(cqs possible to disable this feature with option B<--"
+"propagation unchanged>. Note that B<private> is the kernel default."
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+msgid "B<UTS namespace>"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+msgid ""
+"Setting hostname or domainname will not affect the rest of the system. For "
+"further details, see B<uts_namespaces>(7)."
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+msgid "B<IPC namespace>"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+msgid ""
+"The process will have an independent namespace for POSIX message queues as "
+"well as System V message queues, semaphore sets and shared memory segments. "
+"For further details, see B<ipc_namespaces>(7)."
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+msgid "B<network namespace>"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+msgid ""
+"The process will have independent IPv4 and IPv6 stacks, IP routing tables, "
+"firewall rules, the I</proc/net> and I</sys/class/net> directory trees, "
+"sockets, etc. For further details, see B<network_namespaces>(7)."
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+msgid "B<PID namespace>"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+msgid ""
+"Children will have a distinct set of PID-to-process mappings from their "
+"parent. For further details, see B<pid_namespaces>(7)."
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+msgid "B<cgroup namespace>"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+msgid ""
+"The process will have a virtualized view of I</proc/self/cgroup>, and new "
+"cgroup mounts will be rooted at the namespace cgroup root. For further "
+"details, see B<cgroup_namespaces>(7)."
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+msgid "B<user namespace>"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+msgid ""
+"The process will have a distinct set of UIDs, GIDs and capabilities. For "
+"further details, see B<user_namespaces>(7)."
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+msgid "B<time namespace>"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+msgid ""
+"The process can have a distinct view of B<CLOCK_MONOTONIC> and/or "
+"B<CLOCK_BOOTTIME> which can be changed using I</proc/self/timens_offsets>. "
+"For further details, see B<time_namespaces>(7)."
+msgstr ""
+
+#. type: SH
+#: debian-bookworm opensuse-leap-15-6
+#, no-wrap
+msgid "OPTIONS"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+msgid "B<-i>, B<--ipc>[B<=>I<file>]"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm
+msgid ""
+"Create a new IPC namespace. If I<file> is specified, then the namespace is "
+"made persistent by creating a bind mount at I<file>."
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+msgid "B<-m>, B<--mount>[B<=>I<file>]"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm
+msgid ""
+"Create a new mount namespace. If I<file> is specified, then the namespace is "
+"made persistent by creating a bind mount at I<file>. Note that I<file> must "
+"be located on a mount whose propagation type is not B<shared> (or an error "
+"results). Use the command B<findmnt -o+PROPAGATION> when not sure about the "
+"current setting. See also the examples below."
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+msgid "B<-n>, B<--net>[B<=>I<file>]"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm
+msgid ""
+"Create a new network namespace. If I<file> is specified, then the namespace "
+"is made persistent by creating a bind mount at I<file>."
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+msgid "B<-p>, B<--pid>[B<=>I<file>]"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm
+msgid ""
+"Create a new PID namespace. If I<file> is specified, then the namespace is "
+"made persistent by creating a bind mount at I<file>. (Creation of a "
+"persistent PID namespace will fail if the B<--fork> option is not also "
+"specified.)"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+msgid "See also the B<--fork> and B<--mount-proc> options."
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+msgid "B<-u>, B<--uts>[B<=>I<file>]"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm
+msgid ""
+"Create a new UTS namespace. If I<file> is specified, then the namespace is "
+"made persistent by creating a bind mount at I<file>."
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+msgid "B<-U>, B<--user>[B<=>I<file>]"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm
+msgid ""
+"Create a new user namespace. If I<file> is specified, then the namespace is "
+"made persistent by creating a bind mount at I<file>."
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+msgid "B<-C>, B<--cgroup>[B<=>I<file>]"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm
+msgid ""
+"Create a new cgroup namespace. If I<file> is specified, then the namespace "
+"is made persistent by creating a bind mount at I<file>."
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+msgid "B<-T>, B<--time>[B<=>I<file>]"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm
+msgid ""
+"Create a new time namespace. If I<file> is specified, then the namespace is "
+"made persistent by creating a bind mount at I<file>. The B<--monotonic> and "
+"B<--boottime> options can be used to specify the corresponding offset in the "
+"time namespace."
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+msgid "B<-f>, B<--fork>"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+msgid ""
+"Fork the specified I<program> as a child process of B<unshare> rather than "
+"running it directly. This is useful when creating a new PID namespace. Note "
+"that when B<unshare> is waiting for the child process, then it ignores "
+"B<SIGINT> and B<SIGTERM> and does not forward any signals to the child. It "
+"is necessary to send signals to the child process."
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+msgid "B<--keep-caps>"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+msgid ""
+"When the B<--user> option is given, ensure that capabilities granted in the "
+"user namespace are preserved in the child process."
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+msgid "B<--kill-child>[B<=>I<signame>]"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+msgid ""
+"When B<unshare> terminates, have I<signame> be sent to the forked child "
+"process. Combined with B<--pid> this allows for an easy and reliable killing "
+"of the entire process tree below B<unshare>. If not given, I<signame> "
+"defaults to B<SIGKILL>. This option implies B<--fork>."
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+msgid "B<--mount-proc>[B<=>I<mountpoint>]"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+msgid ""
+"Just before running the program, mount the proc filesystem at I<mountpoint> "
+"(default is I</proc>). This is useful when creating a new PID namespace. It "
+"also implies creating a new mount namespace since the I</proc> mount would "
+"otherwise mess up existing programs on the system. The new proc filesystem "
+"is explicitly mounted as private (with B<MS_PRIVATE>|B<MS_REC>)."
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+msgid "B<--map-user=>I<uid|name>"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+msgid ""
+"Run the program only after the current effective user ID has been mapped to "
+"I<uid>. If this option is specified multiple times, the last occurrence "
+"takes precedence. This option implies B<--user>."
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm
+msgid "B<--map-users=>I<outeruid,inneruid,count>|B<auto>"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm
+msgid ""
+"Run the program only after the block of user IDs of size I<count> beginning "
+"at I<outeruid> has been mapped to the block of user IDs beginning at "
+"I<inneruid>. This mapping is created with B<newuidmap>(1). If the range of "
+"user IDs overlaps with the mapping specified by B<--map-user>, then a "
+"\"hole\" will be removed from the mapping. This may result in the highest "
+"user ID of the mapping not being mapped. The special value B<auto> will map "
+"the first block of user IDs owned by the effective user from I</etc/subuid> "
+"to a block starting at user ID 0. If this option is specified multiple "
+"times, the last occurrence takes precedence. This option implies B<--user>."
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+msgid "B<--map-group=>I<gid|name>"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+msgid ""
+"Run the program only after the current effective group ID has been mapped to "
+"I<gid>. If this option is specified multiple times, the last occurrence "
+"takes precedence. This option implies B<--setgroups=deny> and B<--user>."
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm
+msgid "B<--map-groups=>I<outergid,innergid,count>|B<auto>"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm
+msgid ""
+"Run the program only after the block of group IDs of size I<count> beginning "
+"at I<outergid> has been mapped to the block of group IDs beginning at "
+"I<innergid>. This mapping is created with B<newgidmap>(1). If the range of "
+"group IDs overlaps with the mapping specified by B<--map-group>, then a "
+"\"hole\" will be removed from the mapping. This may result in the highest "
+"group ID of the mapping not being mapped. The special value B<auto> will map "
+"the first block of user IDs owned by the effective user from I</etc/subgid> "
+"to a block starting at group ID 0. If this option is specified multiple "
+"times, the last occurrence takes precedence. This option implies B<--user>."
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm
+msgid "B<--map-auto>"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm
+msgid ""
+"Map the first block of user IDs owned by the effective user from I</etc/"
+"subuid> to a block starting at user ID 0. In the same manner, also map the "
+"first block of group IDs owned by the effective group from I</etc/subgid> to "
+"a block starting at group ID 0. This option is intended to handle the common "
+"case where the first block of subordinate user and group IDs can map the "
+"whole user and group ID space. This option is equivalent to specifying B<--"
+"map-users=auto> and B<--map-groups=auto>."
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+msgid "B<-r>, B<--map-root-user>"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+msgid ""
+"Run the program only after the current effective user and group IDs have "
+"been mapped to the superuser UID and GID in the newly created user "
+"namespace. This makes it possible to conveniently gain capabilities needed "
+"to manage various aspects of the newly created namespaces (such as "
+"configuring interfaces in the network namespace or mounting filesystems in "
+"the mount namespace) even when run unprivileged. As a mere convenience "
+"feature, it does not support more sophisticated use cases, such as mapping "
+"multiple ranges of UIDs and GIDs. This option implies B<--setgroups=deny> "
+"and B<--user>. This option is equivalent to B<--map-user=0 --map-group=0>."
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+msgid "B<-c>, B<--map-current-user>"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+msgid ""
+"Run the program only after the current effective user and group IDs have "
+"been mapped to the same UID and GID in the newly created user namespace. "
+"This option implies B<--setgroups=deny> and B<--user>. This option is "
+"equivalent to B<--map-user=$(id -ru) --map-group=$(id -rg)>."
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+msgid "B<--propagation private>|B<shared>|B<slave>|B<unchanged>"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+msgid ""
+"Recursively set the mount propagation flag in the new mount namespace. The "
+"default is to set the propagation to I<private>. It is possible to disable "
+"this feature with the argument B<unchanged>. The option is silently ignored "
+"when the mount namespace (B<--mount>) is not requested."
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+msgid "B<--setgroups allow>|B<deny>"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+msgid "Allow or deny the B<setgroups>(2) system call in a user namespace."
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+msgid ""
+"To be able to call B<setgroups>(2), the calling process must at least have "
+"B<CAP_SETGID>. But since Linux 3.19 a further restriction applies: the "
+"kernel gives permission to call B<setgroups>(2) only after the GID map (B</"
+"proc/>I<pid>*/gid_map*) has been set. The GID map is writable by root when "
+"B<setgroups>(2) is enabled (i.e., B<allow>, the default), and the GID map "
+"becomes writable by unprivileged processes when B<setgroups>(2) is "
+"permanently disabled (with B<deny>)."
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+msgid "B<-R>, B<--root=>I<dir>"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+msgid "run the command with root directory set to I<dir>."
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+msgid "B<-w>, B<--wd=>I<dir>"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+msgid "change working directory to I<dir>."
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+msgid "B<-S>, B<--setuid> I<uid>"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+msgid "Set the user ID which will be used in the entered namespace."
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+msgid "B<-G>, B<--setgid> I<gid>"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+msgid ""
+"Set the group ID which will be used in the entered namespace and drop "
+"supplementary groups."
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+msgid "B<--monotonic> I<offset>"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+msgid ""
+"Set the offset of B<CLOCK_MONOTONIC> which will be used in the entered time "
+"namespace. This option requires unsharing a time namespace with B<--time>."
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+msgid "B<--boottime> I<offset>"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+msgid ""
+"Set the offset of B<CLOCK_BOOTTIME> which will be used in the entered time "
+"namespace. This option requires unsharing a time namespace with B<--time>."
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+msgid "B<-h>, B<--help>"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+msgid "Display help text and exit."
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+msgid "B<-V>, B<--version>"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm
+msgid "Print version and exit."
+msgstr ""
+
+#. type: SH
+#: debian-bookworm opensuse-leap-15-6
+#, no-wrap
+msgid "NOTES"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm
+msgid ""
+"The proc and sysfs filesystems mounting as root in a user namespace have to "
+"be restricted so that a less privileged user cannot get more access to "
+"sensitive files that a more privileged user made unavailable. In short the "
+"rule for proc and sysfs is as close to a bind mount as possible."
+msgstr ""
+
+#. type: SH
+#: debian-bookworm opensuse-leap-15-6
+#, no-wrap
+msgid "EXAMPLES"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm
+msgid ""
+"The following command creates a PID namespace, using B<--fork> to ensure "
+"that the executed command is performed in a child process that (being the "
+"first process in the namespace) has PID 1. The B<--mount-proc> option "
+"ensures that a new mount namespace is also simultaneously created and that a "
+"new B<proc>(5) filesystem is mounted that contains information corresponding "
+"to the new PID namespace. When the B<readlink>(1) command terminates, the "
+"new namespaces are automatically torn down."
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+#, no-wrap
+msgid ""
+"# unshare --fork --pid --mount-proc readlink /proc/self\n"
+"1\n"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+msgid ""
+"As an unprivileged user, create a new user namespace where the user\\(cqs "
+"credentials are mapped to the root IDs inside the namespace:"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+#, no-wrap
+msgid ""
+"$ id -u; id -g\n"
+"1000\n"
+"1000\n"
+"$ unshare --user --map-root-user \\(rs\n"
+"        sh -c \\(aq\\(aqwhoami; cat /proc/self/uid_map /proc/self/gid_map\\(aq\\(aq\n"
+"root\n"
+"         0       1000          1\n"
+"         0       1000          1\n"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm
+msgid ""
+"As an unprivileged user, create a user namespace where the first 65536 IDs "
+"are all mapped, and the user\\(cqs credentials are mapped to the root IDs "
+"inside the namespace. The map is determined by the subordinate IDs assigned "
+"in B<subuid>(5) and B<subgid>(5). Demonstrate this mapping by creating a "
+"file with user ID 1 and group ID 1. For brevity, only the user ID mappings "
+"are shown:"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm
+#, no-wrap
+msgid ""
+"$ id -u\n"
+"1000\n"
+"$ cat /etc/subuid\n"
+"1000:100000:65536\n"
+"$ unshare --user --map-auto --map-root-user\n"
+"# id -u\n"
+"0\n"
+"# cat /proc/self/uid_map\n"
+"         0       1000          1\n"
+"         1     100000      65535\n"
+"# touch file; chown 1:1 file\n"
+"# ls -ln --time-style=+ file\n"
+"-rw-r--r-- 1 1 1 0  file\n"
+"# exit\n"
+"$ ls -ln --time-style=+ file\n"
+"-rw-r--r-- 1 100000 100000 0  file\n"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+msgid ""
+"The first of the following commands creates a new persistent UTS namespace "
+"and modifies the hostname as seen in that namespace. The namespace is then "
+"entered with B<nsenter>(1) in order to display the modified hostname; this "
+"step demonstrates that the UTS namespace continues to exist even though the "
+"namespace had no member processes after the B<unshare> command terminated. "
+"The namespace is then destroyed by removing the bind mount."
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+#, no-wrap
+msgid ""
+"# touch /root/uts-ns\n"
+"# unshare --uts=/root/uts-ns hostname FOO\n"
+"# nsenter --uts=/root/uts-ns hostname\n"
+"FOO\n"
+"# umount /root/uts-ns\n"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+msgid ""
+"The following commands establish a persistent mount namespace referenced by "
+"the bind mount I</root/namespaces/mnt>. In order to ensure that the creation "
+"of that bind mount succeeds, the parent directory (I</root/namespaces>) is "
+"made a bind mount whose propagation type is not B<shared>."
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+#, no-wrap
+msgid ""
+"# mount --bind /root/namespaces /root/namespaces\n"
+"# mount --make-private /root/namespaces\n"
+"# touch /root/namespaces/mnt\n"
+"# unshare --mount=/root/namespaces/mnt\n"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+msgid ""
+"The following commands demonstrate the use of the B<--kill-child> option "
+"when creating a PID namespace, in order to ensure that when B<unshare> is "
+"killed, all of the processes within the PID namespace are killed."
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+#, no-wrap
+msgid "# set +m                # Don\\(aqt print job status messages\n"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+#, no-wrap
+msgid "# unshare --pid --fork --mount-proc --kill-child -- \\(rs\n"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+#, no-wrap
+msgid ""
+"       bash --norc -c \\(aq\\(aq(sleep 555 &) && (ps a &) && sleep 999\\(aq\\(aq &\n"
+"[1] 53456\n"
+"#     PID TTY      STAT   TIME COMMAND\n"
+"      1 pts/3    S+     0:00 sleep 999\n"
+"      3 pts/3    S+     0:00 sleep 555\n"
+"      5 pts/3    R+     0:00 ps a\n"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+#, no-wrap
+msgid ""
+"# ps h -o \\(aqcomm\\(aq $!     # Show that background job is unshare(1)\n"
+"unshare\n"
+"# kill $!               # Kill unshare(1)\n"
+"# pidof sleep\n"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+msgid ""
+"The B<pidof>(1) command prints no output, because the B<sleep> processes "
+"have been killed. More precisely, when the B<sleep> process that has PID 1 "
+"in the namespace (i.e., the namespace\\(cqs init process) was killed, this "
+"caused all other processes in the namespace to be killed. By contrast, a "
+"similar series of commands where the B<--kill-child> option is not used "
+"shows that when B<unshare> terminates, the processes in the PID namespace "
+"are not killed:"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+#, no-wrap
+msgid "# unshare --pid --fork --mount-proc -- \\(rs\n"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+#, no-wrap
+msgid ""
+"       bash --norc -c \\(aq\\(aq(sleep 555 &) && (ps a &) && sleep 999\\(aq\\(aq &\n"
+"[1] 53479\n"
+"#     PID TTY      STAT   TIME COMMAND\n"
+"      1 pts/3    S+     0:00 sleep 999\n"
+"      3 pts/3    S+     0:00 sleep 555\n"
+"      5 pts/3    R+     0:00 ps a\n"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+#, no-wrap
+msgid ""
+"# kill $!\n"
+"# pidof sleep\n"
+"53482 53480\n"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+msgid ""
+"The following example demonstrates the creation of a time namespace where "
+"the boottime clock is set to a point several years in the past:"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+#, no-wrap
+msgid ""
+"# uptime -p             # Show uptime in initial time namespace\n"
+"up 21 hours, 30 minutes\n"
+"# unshare --time --fork --boottime 300000000 uptime -p\n"
+"up 9 years, 28 weeks, 1 day, 2 hours, 50 minutes\n"
+msgstr ""
+
+#. type: SH
+#: debian-bookworm opensuse-leap-15-6
+#, no-wrap
+msgid "AUTHORS"
+msgstr ""
+
+#. type: SH
+#: debian-bookworm opensuse-leap-15-6
+#, no-wrap
+msgid "SEE ALSO"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm
+msgid ""
+"B<newuidmap>(1)  B<newgidmap>(1)  B<clone>(2), B<unshare>(2), "
+"B<namespaces>(7), B<mount>(8)"
+msgstr ""
+
+#. type: SH
+#: debian-bookworm opensuse-leap-15-6
+#, no-wrap
+msgid "REPORTING BUGS"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+msgid "For bug reports, use the issue tracker at"
+msgstr ""
+
+#. type: SH
+#: debian-bookworm opensuse-leap-15-6
+#, no-wrap
+msgid "AVAILABILITY"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm opensuse-leap-15-6
+msgid ""
+"The B<unshare> command is part of the util-linux package which can be "
+"downloaded from"
+msgstr ""
+
+#. type: TH
+#: opensuse-leap-15-6
+#, no-wrap
+msgid "2022-02-14"
+msgstr ""
+
+#. type: TH
+#: opensuse-leap-15-6
+#, no-wrap
+msgid "util-linux 2.37.4"
+msgstr ""
+
+#. type: Plain text
+#: opensuse-leap-15-6
+msgid ""
+"By default, a new namespace persists only as long as it has member "
+"processes. A new namespace can be made persistent even when it has no member "
+"processes by bind mounting /proc/I<pid>/ns/I<type> files to a filesystem "
+"path. A namespace that has been made persistent in this way can subsequently "
+"be entered with B<nsenter>(1) even after the I<program> terminates (except "
+"PID namespaces where a permanently running init process is required). Once a "
+"persistent namespace is no longer needed, it can be unpersisted by using "
+"B<umount>(8) to remove the bind mount. See the EXAMPLES section for more "
+"details."
+msgstr ""
+
+#. type: Plain text
+#: opensuse-leap-15-6
+msgid ""
+"Unshare the IPC namespace. If I<file> is specified, then a persistent "
+"namespace is created by a bind mount."
+msgstr ""
+
+#. type: Plain text
+#: opensuse-leap-15-6
+msgid ""
+"Unshare the mount namespace. If I<file> is specified, then a persistent "
+"namespace is created by a bind mount. Note that I<file> must be located on a "
+"mount whose propagation type is not B<shared> (or an error results). Use the "
+"command B<findmnt -o+PROPAGATION> when not sure about the current setting. "
+"See also the examples below."
+msgstr ""
+
+#. type: Plain text
+#: opensuse-leap-15-6
+msgid ""
+"Unshare the network namespace. If I<file> is specified, then a persistent "
+"namespace is created by a bind mount."
+msgstr ""
+
+#. type: Plain text
+#: opensuse-leap-15-6
+msgid ""
+"Unshare the PID namespace. If I<file> is specified, then a persistent "
+"namespace is created by a bind mount. (Creation of a persistent PID "
+"namespace will fail if the B<--fork> option is not also specified.)"
+msgstr ""
+
+#. type: Plain text
+#: opensuse-leap-15-6
+msgid ""
+"Unshare the UTS namespace. If I<file> is specified, then a persistent "
+"namespace is created by a bind mount."
+msgstr ""
+
+#. type: Plain text
+#: opensuse-leap-15-6
+msgid ""
+"Unshare the user namespace. If I<file> is specified, then a persistent "
+"namespace is created by a bind mount."
+msgstr ""
+
+#. type: Plain text
+#: opensuse-leap-15-6
+msgid ""
+"Unshare the cgroup namespace. If I<file> is specified, then persistent "
+"namespace is created by bind mount."
+msgstr ""
+
+#. type: Plain text
+#: opensuse-leap-15-6
+msgid ""
+"Unshare the time namespace. If I<file> is specified, then a persistent "
+"namespace is created by a bind mount. The B<--monotonic> and B<--boottime> "
+"options can be used to specify the corresponding offset in the time "
+"namespace."
+msgstr ""
+
+#. type: Plain text
+#: opensuse-leap-15-6
+msgid "Display version information and exit."
+msgstr ""
+
+#. type: Plain text
+#: opensuse-leap-15-6
+msgid ""
+"The proc and sysfs filesystems mounting as root in a user namespace have to "
+"be restricted so that a less privileged user can not get more access to "
+"sensitive files that a more privileged user made unavailable. In short the "
+"rule for proc and sysfs is as close to a bind mount as possible."
+msgstr ""
+
+#. type: Plain text
+#: opensuse-leap-15-6
+msgid ""
+"The following command creates a PID namespace, using B<--fork> to ensure "
+"that the executed command is performed in a child process that (being the "
+"first process in the namespace) has PID 1. The B<--mount-proc> option "
+"ensures that a new mount namespace is also simultaneously created and that a "
+"new B<proc>(5) filesystem is mounted that contains information corresponding "
+"to the new PID namespace. When the B<readlink> command terminates, the new "
+"namespaces are automatically torn down."
+msgstr ""
+
+#. type: Plain text
+#: opensuse-leap-15-6
+msgid "B<clone>(2), B<unshare>(2), B<namespaces>(7), B<mount>(8)"
+msgstr ""