Diffstat (limited to '')
-rw-r--r-- | templates/man1/unshare.1.pot | 1018 |
1 files changed, 1018 insertions, 0 deletions
diff --git a/templates/man1/unshare.1.pot b/templates/man1/unshare.1.pot
new file mode 100644
index 00000000..b864fa79
--- /dev/null
+++ b/templates/man1/unshare.1.pot
@@ -0,0 +1,1018 @@ +# SOME DESCRIPTIVE TITLE +# Copyright (C) YEAR Free Software Foundation, Inc. +# This file is distributed under the same license as the PACKAGE package. +# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR. +# +#, fuzzy +msgid "" +msgstr "" +"Project-Id-Version: PACKAGE VERSION\n" +"POT-Creation-Date: 2023-08-27 17:31+0200\n" +"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" +"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" +"Language-Team: LANGUAGE <LL@li.org>\n" +"Language: \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. type: TH +#: debian-bookworm opensuse-leap-15-6 +#, no-wrap +msgid "UNSHARE" +msgstr "" + +#. type: TH +#: debian-bookworm +#, no-wrap +msgid "2022-05-11" +msgstr "" + +#. type: TH +#: debian-bookworm +#, no-wrap +msgid "util-linux 2.38.1" +msgstr "" + +#. type: TH +#: debian-bookworm opensuse-leap-15-6 +#, no-wrap +msgid "User Commands" +msgstr "" + +#. type: SH +#: debian-bookworm opensuse-leap-15-6 +#, no-wrap +msgid "NAME" +msgstr "" + +#. type: Plain text +#: debian-bookworm opensuse-leap-15-6 +msgid "unshare - run program in new namespaces" +msgstr "" + +#. type: SH +#: debian-bookworm opensuse-leap-15-6 +#, no-wrap +msgid "SYNOPSIS" +msgstr "" + +#. type: Plain text +#: debian-bookworm opensuse-leap-15-6 +msgid "B<unshare> [options] [I<program> [I<arguments>]]" +msgstr "" + +#. type: SH +#: debian-bookworm opensuse-leap-15-6 +#, no-wrap +msgid "DESCRIPTION" +msgstr "" + +#. type: Plain text +#: debian-bookworm opensuse-leap-15-6 +msgid "" +"The B<unshare> command creates new namespaces (as specified by the command-" +"line options described below) and then executes the specified I<program>. If " +"I<program> is not given, then \"${SHELL}\" is run (default: I</bin/sh>)." +msgstr "" + +#. type: Plain text +#: debian-bookworm +msgid "" +"By default, a new namespace persists only as long as it has member " +"processes. 
A new namespace can be made persistent even when it has no member " +"processes by bind mounting /proc/I<pid>/ns/I<type> files to a filesystem " +"path. A namespace that has been made persistent in this way can subsequently " +"be entered with B<nsenter>(1) even after the I<program> terminates (except " +"PID namespaces where a permanently running init process is required). Once a " +"persistent namespace is no longer needed, it can be unpersisted by using " +"B<umount>(8) to remove the bind mount. See the B<EXAMPLES> section for more " +"details." +msgstr "" + +#. type: Plain text +#: debian-bookworm opensuse-leap-15-6 +msgid "" +"B<unshare> since util-linux version 2.36 uses I</proc/[pid]/ns/" +"pid_for_children> and I</proc/[pid]/ns/time_for_children> files for " +"persistent PID and TIME namespaces. This change requires Linux kernel 4.17 " +"or newer." +msgstr "" + +#. type: Plain text +#: debian-bookworm opensuse-leap-15-6 +msgid "The following types of namespaces can be created with B<unshare>:" +msgstr "" + +#. type: Plain text +#: debian-bookworm opensuse-leap-15-6 +msgid "B<mount namespace>" +msgstr "" + +#. type: Plain text +#: debian-bookworm opensuse-leap-15-6 +msgid "" +"Mounting and unmounting filesystems will not affect the rest of the system, " +"except for filesystems which are explicitly marked as shared (with B<mount --" +"make-shared>; see I</proc/self/mountinfo> or B<findmnt -o+PROPAGATION> for " +"the B<shared> flags). For further details, see B<mount_namespaces>(7)." +msgstr "" + +#. type: Plain text +#: debian-bookworm opensuse-leap-15-6 +msgid "" +"B<unshare> since util-linux version 2.27 automatically sets propagation to " +"B<private> in a new mount namespace to make sure that the new namespace is " +"really unshared. It\\(cqs possible to disable this feature with option B<--" +"propagation unchanged>. Note that B<private> is the kernel default." +msgstr "" + +#. 
type: Plain text +#: debian-bookworm opensuse-leap-15-6 +msgid "B<UTS namespace>" +msgstr "" + +#. type: Plain text +#: debian-bookworm opensuse-leap-15-6 +msgid "" +"Setting hostname or domainname will not affect the rest of the system. For " +"further details, see B<uts_namespaces>(7)." +msgstr "" + +#. type: Plain text +#: debian-bookworm opensuse-leap-15-6 +msgid "B<IPC namespace>" +msgstr "" + +#. type: Plain text +#: debian-bookworm opensuse-leap-15-6 +msgid "" +"The process will have an independent namespace for POSIX message queues as " +"well as System V message queues, semaphore sets and shared memory segments. " +"For further details, see B<ipc_namespaces>(7)." +msgstr "" + +#. type: Plain text +#: debian-bookworm opensuse-leap-15-6 +msgid "B<network namespace>" +msgstr "" + +#. type: Plain text +#: debian-bookworm opensuse-leap-15-6 +msgid "" +"The process will have independent IPv4 and IPv6 stacks, IP routing tables, " +"firewall rules, the I</proc/net> and I</sys/class/net> directory trees, " +"sockets, etc. For further details, see B<network_namespaces>(7)." +msgstr "" + +#. type: Plain text +#: debian-bookworm opensuse-leap-15-6 +msgid "B<PID namespace>" +msgstr "" + +#. type: Plain text +#: debian-bookworm opensuse-leap-15-6 +msgid "" +"Children will have a distinct set of PID-to-process mappings from their " +"parent. For further details, see B<pid_namespaces>(7)." +msgstr "" + +#. type: Plain text +#: debian-bookworm opensuse-leap-15-6 +msgid "B<cgroup namespace>" +msgstr "" + +#. type: Plain text +#: debian-bookworm opensuse-leap-15-6 +msgid "" +"The process will have a virtualized view of I</proc/self/cgroup>, and new " +"cgroup mounts will be rooted at the namespace cgroup root. For further " +"details, see B<cgroup_namespaces>(7)." +msgstr "" + +#. type: Plain text +#: debian-bookworm opensuse-leap-15-6 +msgid "B<user namespace>" +msgstr "" + +#. 
type: Plain text +#: debian-bookworm opensuse-leap-15-6 +msgid "" +"The process will have a distinct set of UIDs, GIDs and capabilities. For " +"further details, see B<user_namespaces>(7)." +msgstr "" + +#. type: Plain text +#: debian-bookworm opensuse-leap-15-6 +msgid "B<time namespace>" +msgstr "" + +#. type: Plain text +#: debian-bookworm opensuse-leap-15-6 +msgid "" +"The process can have a distinct view of B<CLOCK_MONOTONIC> and/or " +"B<CLOCK_BOOTTIME> which can be changed using I</proc/self/timens_offsets>. " +"For further details, see B<time_namespaces>(7)." +msgstr "" + +#. type: SH +#: debian-bookworm opensuse-leap-15-6 +#, no-wrap +msgid "OPTIONS" +msgstr "" + +#. type: Plain text +#: debian-bookworm opensuse-leap-15-6 +msgid "B<-i>, B<--ipc>[B<=>I<file>]" +msgstr "" + +#. type: Plain text +#: debian-bookworm +msgid "" +"Create a new IPC namespace. If I<file> is specified, then the namespace is " +"made persistent by creating a bind mount at I<file>." +msgstr "" + +#. type: Plain text +#: debian-bookworm opensuse-leap-15-6 +msgid "B<-m>, B<--mount>[B<=>I<file>]" +msgstr "" + +#. type: Plain text +#: debian-bookworm +msgid "" +"Create a new mount namespace. If I<file> is specified, then the namespace is " +"made persistent by creating a bind mount at I<file>. Note that I<file> must " +"be located on a mount whose propagation type is not B<shared> (or an error " +"results). Use the command B<findmnt -o+PROPAGATION> when not sure about the " +"current setting. See also the examples below." +msgstr "" + +#. type: Plain text +#: debian-bookworm opensuse-leap-15-6 +msgid "B<-n>, B<--net>[B<=>I<file>]" +msgstr "" + +#. type: Plain text +#: debian-bookworm +msgid "" +"Create a new network namespace. If I<file> is specified, then the namespace " +"is made persistent by creating a bind mount at I<file>." +msgstr "" + +#. type: Plain text +#: debian-bookworm opensuse-leap-15-6 +msgid "B<-p>, B<--pid>[B<=>I<file>]" +msgstr "" + +#. 
type: Plain text +#: debian-bookworm +msgid "" +"Create a new PID namespace. If I<file> is specified, then the namespace is " +"made persistent by creating a bind mount at I<file>. (Creation of a " +"persistent PID namespace will fail if the B<--fork> option is not also " +"specified.)" +msgstr "" + +#. type: Plain text +#: debian-bookworm opensuse-leap-15-6 +msgid "See also the B<--fork> and B<--mount-proc> options." +msgstr "" + +#. type: Plain text +#: debian-bookworm opensuse-leap-15-6 +msgid "B<-u>, B<--uts>[B<=>I<file>]" +msgstr "" + +#. type: Plain text +#: debian-bookworm +msgid "" +"Create a new UTS namespace. If I<file> is specified, then the namespace is " +"made persistent by creating a bind mount at I<file>." +msgstr "" + +#. type: Plain text +#: debian-bookworm opensuse-leap-15-6 +msgid "B<-U>, B<--user>[B<=>I<file>]" +msgstr "" + +#. type: Plain text +#: debian-bookworm +msgid "" +"Create a new user namespace. If I<file> is specified, then the namespace is " +"made persistent by creating a bind mount at I<file>." +msgstr "" + +#. type: Plain text +#: debian-bookworm opensuse-leap-15-6 +msgid "B<-C>, B<--cgroup>[B<=>I<file>]" +msgstr "" + +#. type: Plain text +#: debian-bookworm +msgid "" +"Create a new cgroup namespace. If I<file> is specified, then the namespace " +"is made persistent by creating a bind mount at I<file>." +msgstr "" + +#. type: Plain text +#: debian-bookworm opensuse-leap-15-6 +msgid "B<-T>, B<--time>[B<=>I<file>]" +msgstr "" + +#. type: Plain text +#: debian-bookworm +msgid "" +"Create a new time namespace. If I<file> is specified, then the namespace is " +"made persistent by creating a bind mount at I<file>. The B<--monotonic> and " +"B<--boottime> options can be used to specify the corresponding offset in the " +"time namespace." +msgstr "" + +#. type: Plain text +#: debian-bookworm opensuse-leap-15-6 +msgid "B<-f>, B<--fork>" +msgstr "" + +#. 
type: Plain text +#: debian-bookworm opensuse-leap-15-6 +msgid "" +"Fork the specified I<program> as a child process of B<unshare> rather than " +"running it directly. This is useful when creating a new PID namespace. Note " +"that when B<unshare> is waiting for the child process, then it ignores " +"B<SIGINT> and B<SIGTERM> and does not forward any signals to the child. It " +"is necessary to send signals to the child process." +msgstr "" + +#. type: Plain text +#: debian-bookworm opensuse-leap-15-6 +msgid "B<--keep-caps>" +msgstr "" + +#. type: Plain text +#: debian-bookworm opensuse-leap-15-6 +msgid "" +"When the B<--user> option is given, ensure that capabilities granted in the " +"user namespace are preserved in the child process." +msgstr "" + +#. type: Plain text +#: debian-bookworm opensuse-leap-15-6 +msgid "B<--kill-child>[B<=>I<signame>]" +msgstr "" + +#. type: Plain text +#: debian-bookworm opensuse-leap-15-6 +msgid "" +"When B<unshare> terminates, have I<signame> be sent to the forked child " +"process. Combined with B<--pid> this allows for an easy and reliable killing " +"of the entire process tree below B<unshare>. If not given, I<signame> " +"defaults to B<SIGKILL>. This option implies B<--fork>." +msgstr "" + +#. type: Plain text +#: debian-bookworm opensuse-leap-15-6 +msgid "B<--mount-proc>[B<=>I<mountpoint>]" +msgstr "" + +#. type: Plain text +#: debian-bookworm opensuse-leap-15-6 +msgid "" +"Just before running the program, mount the proc filesystem at I<mountpoint> " +"(default is I</proc>). This is useful when creating a new PID namespace. It " +"also implies creating a new mount namespace since the I</proc> mount would " +"otherwise mess up existing programs on the system. The new proc filesystem " +"is explicitly mounted as private (with B<MS_PRIVATE>|B<MS_REC>)." +msgstr "" + +#. type: Plain text +#: debian-bookworm opensuse-leap-15-6 +msgid "B<--map-user=>I<uid|name>" +msgstr "" + +#. 
type: Plain text +#: debian-bookworm opensuse-leap-15-6 +msgid "" +"Run the program only after the current effective user ID has been mapped to " +"I<uid>. If this option is specified multiple times, the last occurrence " +"takes precedence. This option implies B<--user>." +msgstr "" + +#. type: Plain text +#: debian-bookworm +msgid "B<--map-users=>I<outeruid,inneruid,count>|B<auto>" +msgstr "" + +#. type: Plain text +#: debian-bookworm +msgid "" +"Run the program only after the block of user IDs of size I<count> beginning " +"at I<outeruid> has been mapped to the block of user IDs beginning at " +"I<inneruid>. This mapping is created with B<newuidmap>(1). If the range of " +"user IDs overlaps with the mapping specified by B<--map-user>, then a " +"\"hole\" will be removed from the mapping. This may result in the highest " +"user ID of the mapping not being mapped. The special value B<auto> will map " +"the first block of user IDs owned by the effective user from I</etc/subuid> " +"to a block starting at user ID 0. If this option is specified multiple " +"times, the last occurrence takes precedence. This option implies B<--user>." +msgstr "" + +#. type: Plain text +#: debian-bookworm opensuse-leap-15-6 +msgid "B<--map-group=>I<gid|name>" +msgstr "" + +#. type: Plain text +#: debian-bookworm opensuse-leap-15-6 +msgid "" +"Run the program only after the current effective group ID has been mapped to " +"I<gid>. If this option is specified multiple times, the last occurrence " +"takes precedence. This option implies B<--setgroups=deny> and B<--user>." +msgstr "" + +#. type: Plain text +#: debian-bookworm +msgid "B<--map-groups=>I<outergid,innergid,count>|B<auto>" +msgstr "" + +#. type: Plain text +#: debian-bookworm +msgid "" +"Run the program only after the block of group IDs of size I<count> beginning " +"at I<outergid> has been mapped to the block of group IDs beginning at " +"I<innergid>. This mapping is created with B<newgidmap>(1). 
If the range of " +"group IDs overlaps with the mapping specified by B<--map-group>, then a " +"\"hole\" will be removed from the mapping. This may result in the highest " +"group ID of the mapping not being mapped. The special value B<auto> will map " +"the first block of user IDs owned by the effective user from I</etc/subgid> " +"to a block starting at group ID 0. If this option is specified multiple " +"times, the last occurrence takes precedence. This option implies B<--user>." +msgstr "" + +#. type: Plain text +#: debian-bookworm +msgid "B<--map-auto>" +msgstr "" + +#. type: Plain text +#: debian-bookworm +msgid "" +"Map the first block of user IDs owned by the effective user from I</etc/" +"subuid> to a block starting at user ID 0. In the same manner, also map the " +"first block of group IDs owned by the effective group from I</etc/subgid> to " +"a block starting at group ID 0. This option is intended to handle the common " +"case where the first block of subordinate user and group IDs can map the " +"whole user and group ID space. This option is equivalent to specifying B<--" +"map-users=auto> and B<--map-groups=auto>." +msgstr "" + +#. type: Plain text +#: debian-bookworm opensuse-leap-15-6 +msgid "B<-r>, B<--map-root-user>" +msgstr "" + +#. type: Plain text +#: debian-bookworm opensuse-leap-15-6 +msgid "" +"Run the program only after the current effective user and group IDs have " +"been mapped to the superuser UID and GID in the newly created user " +"namespace. This makes it possible to conveniently gain capabilities needed " +"to manage various aspects of the newly created namespaces (such as " +"configuring interfaces in the network namespace or mounting filesystems in " +"the mount namespace) even when run unprivileged. As a mere convenience " +"feature, it does not support more sophisticated use cases, such as mapping " +"multiple ranges of UIDs and GIDs. This option implies B<--setgroups=deny> " +"and B<--user>. 
This option is equivalent to B<--map-user=0 --map-group=0>." +msgstr "" + +#. type: Plain text +#: debian-bookworm opensuse-leap-15-6 +msgid "B<-c>, B<--map-current-user>" +msgstr "" + +#. type: Plain text +#: debian-bookworm opensuse-leap-15-6 +msgid "" +"Run the program only after the current effective user and group IDs have " +"been mapped to the same UID and GID in the newly created user namespace. " +"This option implies B<--setgroups=deny> and B<--user>. This option is " +"equivalent to B<--map-user=$(id -ru) --map-group=$(id -rg)>." +msgstr "" + +#. type: Plain text +#: debian-bookworm opensuse-leap-15-6 +msgid "B<--propagation private>|B<shared>|B<slave>|B<unchanged>" +msgstr "" + +#. type: Plain text +#: debian-bookworm opensuse-leap-15-6 +msgid "" +"Recursively set the mount propagation flag in the new mount namespace. The " +"default is to set the propagation to I<private>. It is possible to disable " +"this feature with the argument B<unchanged>. The option is silently ignored " +"when the mount namespace (B<--mount>) is not requested." +msgstr "" + +#. type: Plain text +#: debian-bookworm opensuse-leap-15-6 +msgid "B<--setgroups allow>|B<deny>" +msgstr "" + +#. type: Plain text +#: debian-bookworm opensuse-leap-15-6 +msgid "Allow or deny the B<setgroups>(2) system call in a user namespace." +msgstr "" + +#. type: Plain text +#: debian-bookworm opensuse-leap-15-6 +msgid "" +"To be able to call B<setgroups>(2), the calling process must at least have " +"B<CAP_SETGID>. But since Linux 3.19 a further restriction applies: the " +"kernel gives permission to call B<setgroups>(2) only after the GID map (B</" +"proc/>I<pid>*/gid_map*) has been set. The GID map is writable by root when " +"B<setgroups>(2) is enabled (i.e., B<allow>, the default), and the GID map " +"becomes writable by unprivileged processes when B<setgroups>(2) is " +"permanently disabled (with B<deny>)." +msgstr "" + +#. 
type: Plain text +#: debian-bookworm opensuse-leap-15-6 +msgid "B<-R>, B<--root=>I<dir>" +msgstr "" + +#. type: Plain text +#: debian-bookworm opensuse-leap-15-6 +msgid "run the command with root directory set to I<dir>." +msgstr "" + +#. type: Plain text +#: debian-bookworm opensuse-leap-15-6 +msgid "B<-w>, B<--wd=>I<dir>" +msgstr "" + +#. type: Plain text +#: debian-bookworm opensuse-leap-15-6 +msgid "change working directory to I<dir>." +msgstr "" + +#. type: Plain text +#: debian-bookworm opensuse-leap-15-6 +msgid "B<-S>, B<--setuid> I<uid>" +msgstr "" + +#. type: Plain text +#: debian-bookworm opensuse-leap-15-6 +msgid "Set the user ID which will be used in the entered namespace." +msgstr "" + +#. type: Plain text +#: debian-bookworm opensuse-leap-15-6 +msgid "B<-G>, B<--setgid> I<gid>" +msgstr "" + +#. type: Plain text +#: debian-bookworm opensuse-leap-15-6 +msgid "" +"Set the group ID which will be used in the entered namespace and drop " +"supplementary groups." +msgstr "" + +#. type: Plain text +#: debian-bookworm opensuse-leap-15-6 +msgid "B<--monotonic> I<offset>" +msgstr "" + +#. type: Plain text +#: debian-bookworm opensuse-leap-15-6 +msgid "" +"Set the offset of B<CLOCK_MONOTONIC> which will be used in the entered time " +"namespace. This option requires unsharing a time namespace with B<--time>." +msgstr "" + +#. type: Plain text +#: debian-bookworm opensuse-leap-15-6 +msgid "B<--boottime> I<offset>" +msgstr "" + +#. type: Plain text +#: debian-bookworm opensuse-leap-15-6 +msgid "" +"Set the offset of B<CLOCK_BOOTTIME> which will be used in the entered time " +"namespace. This option requires unsharing a time namespace with B<--time>." +msgstr "" + +#. type: Plain text +#: debian-bookworm opensuse-leap-15-6 +msgid "B<-h>, B<--help>" +msgstr "" + +#. type: Plain text +#: debian-bookworm opensuse-leap-15-6 +msgid "Display help text and exit." +msgstr "" + +#. 
type: Plain text +#: debian-bookworm opensuse-leap-15-6 +msgid "B<-V>, B<--version>" +msgstr "" + +#. type: Plain text +#: debian-bookworm +msgid "Print version and exit." +msgstr "" + +#. type: SH +#: debian-bookworm opensuse-leap-15-6 +#, no-wrap +msgid "NOTES" +msgstr "" + +#. type: Plain text +#: debian-bookworm +msgid "" +"The proc and sysfs filesystems mounting as root in a user namespace have to " +"be restricted so that a less privileged user cannot get more access to " +"sensitive files that a more privileged user made unavailable. In short the " +"rule for proc and sysfs is as close to a bind mount as possible." +msgstr "" + +#. type: SH +#: debian-bookworm opensuse-leap-15-6 +#, no-wrap +msgid "EXAMPLES" +msgstr "" + +#. type: Plain text +#: debian-bookworm +msgid "" +"The following command creates a PID namespace, using B<--fork> to ensure " +"that the executed command is performed in a child process that (being the " +"first process in the namespace) has PID 1. The B<--mount-proc> option " +"ensures that a new mount namespace is also simultaneously created and that a " +"new B<proc>(5) filesystem is mounted that contains information corresponding " +"to the new PID namespace. When the B<readlink>(1) command terminates, the " +"new namespaces are automatically torn down." +msgstr "" + +#. type: Plain text +#: debian-bookworm opensuse-leap-15-6 +#, no-wrap +msgid "" +"# unshare --fork --pid --mount-proc readlink /proc/self\n" +"1\n" +msgstr "" + +#. type: Plain text +#: debian-bookworm opensuse-leap-15-6 +msgid "" +"As an unprivileged user, create a new user namespace where the user\\(cqs " +"credentials are mapped to the root IDs inside the namespace:" +msgstr "" + +#. 
type: Plain text +#: debian-bookworm opensuse-leap-15-6 +#, no-wrap +msgid "" +"$ id -u; id -g\n" +"1000\n" +"1000\n" +"$ unshare --user --map-root-user \\(rs\n" +" sh -c \\(aq\\(aqwhoami; cat /proc/self/uid_map /proc/self/gid_map\\(aq\\(aq\n" +"root\n" +" 0 1000 1\n" +" 0 1000 1\n" +msgstr "" + +#. type: Plain text +#: debian-bookworm +msgid "" +"As an unprivileged user, create a user namespace where the first 65536 IDs " +"are all mapped, and the user\\(cqs credentials are mapped to the root IDs " +"inside the namespace. The map is determined by the subordinate IDs assigned " +"in B<subuid>(5) and B<subgid>(5). Demonstrate this mapping by creating a " +"file with user ID 1 and group ID 1. For brevity, only the user ID mappings " +"are shown:" +msgstr "" + +#. type: Plain text +#: debian-bookworm +#, no-wrap +msgid "" +"$ id -u\n" +"1000\n" +"$ cat /etc/subuid\n" +"1000:100000:65536\n" +"$ unshare --user --map-auto --map-root-user\n" +"# id -u\n" +"0\n" +"# cat /proc/self/uid_map\n" +" 0 1000 1\n" +" 1 100000 65535\n" +"# touch file; chown 1:1 file\n" +"# ls -ln --time-style=+ file\n" +"-rw-r--r-- 1 1 1 0 file\n" +"# exit\n" +"$ ls -ln --time-style=+ file\n" +"-rw-r--r-- 1 100000 100000 0 file\n" +msgstr "" + +#. type: Plain text +#: debian-bookworm opensuse-leap-15-6 +msgid "" +"The first of the following commands creates a new persistent UTS namespace " +"and modifies the hostname as seen in that namespace. The namespace is then " +"entered with B<nsenter>(1) in order to display the modified hostname; this " +"step demonstrates that the UTS namespace continues to exist even though the " +"namespace had no member processes after the B<unshare> command terminated. " +"The namespace is then destroyed by removing the bind mount." +msgstr "" + +#. 
type: Plain text +#: debian-bookworm opensuse-leap-15-6 +#, no-wrap +msgid "" +"# touch /root/uts-ns\n" +"# unshare --uts=/root/uts-ns hostname FOO\n" +"# nsenter --uts=/root/uts-ns hostname\n" +"FOO\n" +"# umount /root/uts-ns\n" +msgstr "" + +#. type: Plain text +#: debian-bookworm opensuse-leap-15-6 +msgid "" +"The following commands establish a persistent mount namespace referenced by " +"the bind mount I</root/namespaces/mnt>. In order to ensure that the creation " +"of that bind mount succeeds, the parent directory (I</root/namespaces>) is " +"made a bind mount whose propagation type is not B<shared>." +msgstr "" + +#. type: Plain text +#: debian-bookworm opensuse-leap-15-6 +#, no-wrap +msgid "" +"# mount --bind /root/namespaces /root/namespaces\n" +"# mount --make-private /root/namespaces\n" +"# touch /root/namespaces/mnt\n" +"# unshare --mount=/root/namespaces/mnt\n" +msgstr "" + +#. type: Plain text +#: debian-bookworm opensuse-leap-15-6 +msgid "" +"The following commands demonstrate the use of the B<--kill-child> option " +"when creating a PID namespace, in order to ensure that when B<unshare> is " +"killed, all of the processes within the PID namespace are killed." +msgstr "" + +#. type: Plain text +#: debian-bookworm opensuse-leap-15-6 +#, no-wrap +msgid "# set +m # Don\\(aqt print job status messages\n" +msgstr "" + +#. type: Plain text +#: debian-bookworm opensuse-leap-15-6 +#, no-wrap +msgid "# unshare --pid --fork --mount-proc --kill-child -- \\(rs\n" +msgstr "" + +#. type: Plain text +#: debian-bookworm opensuse-leap-15-6 +#, no-wrap +msgid "" +" bash --norc -c \\(aq\\(aq(sleep 555 &) && (ps a &) && sleep 999\\(aq\\(aq &\n" +"[1] 53456\n" +"# PID TTY STAT TIME COMMAND\n" +" 1 pts/3 S+ 0:00 sleep 999\n" +" 3 pts/3 S+ 0:00 sleep 555\n" +" 5 pts/3 R+ 0:00 ps a\n" +msgstr "" + +#. type: Plain text +#: debian-bookworm opensuse-leap-15-6 +#, no-wrap +msgid "" +"# ps h -o \\(aqcomm\\(aq $! 
# Show that background job is unshare(1)\n" +"unshare\n" +"# kill $! # Kill unshare(1)\n" +"# pidof sleep\n" +msgstr "" + +#. type: Plain text +#: debian-bookworm opensuse-leap-15-6 +msgid "" +"The B<pidof>(1) command prints no output, because the B<sleep> processes " +"have been killed. More precisely, when the B<sleep> process that has PID 1 " +"in the namespace (i.e., the namespace\\(cqs init process) was killed, this " +"caused all other processes in the namespace to be killed. By contrast, a " +"similar series of commands where the B<--kill-child> option is not used " +"shows that when B<unshare> terminates, the processes in the PID namespace " +"are not killed:" +msgstr "" + +#. type: Plain text +#: debian-bookworm opensuse-leap-15-6 +#, no-wrap +msgid "# unshare --pid --fork --mount-proc -- \\(rs\n" +msgstr "" + +#. type: Plain text +#: debian-bookworm opensuse-leap-15-6 +#, no-wrap +msgid "" +" bash --norc -c \\(aq\\(aq(sleep 555 &) && (ps a &) && sleep 999\\(aq\\(aq &\n" +"[1] 53479\n" +"# PID TTY STAT TIME COMMAND\n" +" 1 pts/3 S+ 0:00 sleep 999\n" +" 3 pts/3 S+ 0:00 sleep 555\n" +" 5 pts/3 R+ 0:00 ps a\n" +msgstr "" + +#. type: Plain text +#: debian-bookworm opensuse-leap-15-6 +#, no-wrap +msgid "" +"# kill $!\n" +"# pidof sleep\n" +"53482 53480\n" +msgstr "" + +#. type: Plain text +#: debian-bookworm opensuse-leap-15-6 +msgid "" +"The following example demonstrates the creation of a time namespace where " +"the boottime clock is set to a point several years in the past:" +msgstr "" + +#. type: Plain text +#: debian-bookworm opensuse-leap-15-6 +#, no-wrap +msgid "" +"# uptime -p # Show uptime in initial time namespace\n" +"up 21 hours, 30 minutes\n" +"# unshare --time --fork --boottime 300000000 uptime -p\n" +"up 9 years, 28 weeks, 1 day, 2 hours, 50 minutes\n" +msgstr "" + +#. type: SH +#: debian-bookworm opensuse-leap-15-6 +#, no-wrap +msgid "AUTHORS" +msgstr "" + +#. 
type: SH +#: debian-bookworm opensuse-leap-15-6 +#, no-wrap +msgid "SEE ALSO" +msgstr "" + +#. type: Plain text +#: debian-bookworm +msgid "" +"B<newuidmap>(1) B<newgidmap>(1) B<clone>(2), B<unshare>(2), " +"B<namespaces>(7), B<mount>(8)" +msgstr "" + +#. type: SH +#: debian-bookworm opensuse-leap-15-6 +#, no-wrap +msgid "REPORTING BUGS" +msgstr "" + +#. type: Plain text +#: debian-bookworm opensuse-leap-15-6 +msgid "For bug reports, use the issue tracker at" +msgstr "" + +#. type: SH +#: debian-bookworm opensuse-leap-15-6 +#, no-wrap +msgid "AVAILABILITY" +msgstr "" + +#. type: Plain text +#: debian-bookworm opensuse-leap-15-6 +msgid "" +"The B<unshare> command is part of the util-linux package which can be " +"downloaded from" +msgstr "" + +#. type: TH +#: opensuse-leap-15-6 +#, no-wrap +msgid "2022-02-14" +msgstr "" + +#. type: TH +#: opensuse-leap-15-6 +#, no-wrap +msgid "util-linux 2.37.4" +msgstr "" + +#. type: Plain text +#: opensuse-leap-15-6 +msgid "" +"By default, a new namespace persists only as long as it has member " +"processes. A new namespace can be made persistent even when it has no member " +"processes by bind mounting /proc/I<pid>/ns/I<type> files to a filesystem " +"path. A namespace that has been made persistent in this way can subsequently " +"be entered with B<nsenter>(1) even after the I<program> terminates (except " +"PID namespaces where a permanently running init process is required). Once a " +"persistent namespace is no longer needed, it can be unpersisted by using " +"B<umount>(8) to remove the bind mount. See the EXAMPLES section for more " +"details." +msgstr "" + +#. type: Plain text +#: opensuse-leap-15-6 +msgid "" +"Unshare the IPC namespace. If I<file> is specified, then a persistent " +"namespace is created by a bind mount." +msgstr "" + +#. type: Plain text +#: opensuse-leap-15-6 +msgid "" +"Unshare the mount namespace. If I<file> is specified, then a persistent " +"namespace is created by a bind mount. 
Note that I<file> must be located on a " +"mount whose propagation type is not B<shared> (or an error results). Use the " +"command B<findmnt -o+PROPAGATION> when not sure about the current setting. " +"See also the examples below." +msgstr "" + +#. type: Plain text +#: opensuse-leap-15-6 +msgid "" +"Unshare the network namespace. If I<file> is specified, then a persistent " +"namespace is created by a bind mount." +msgstr "" + +#. type: Plain text +#: opensuse-leap-15-6 +msgid "" +"Unshare the PID namespace. If I<file> is specified, then a persistent " +"namespace is created by a bind mount. (Creation of a persistent PID " +"namespace will fail if the B<--fork> option is not also specified.)" +msgstr "" + +#. type: Plain text +#: opensuse-leap-15-6 +msgid "" +"Unshare the UTS namespace. If I<file> is specified, then a persistent " +"namespace is created by a bind mount." +msgstr "" + +#. type: Plain text +#: opensuse-leap-15-6 +msgid "" +"Unshare the user namespace. If I<file> is specified, then a persistent " +"namespace is created by a bind mount." +msgstr "" + +#. type: Plain text +#: opensuse-leap-15-6 +msgid "" +"Unshare the cgroup namespace. If I<file> is specified, then persistent " +"namespace is created by bind mount." +msgstr "" + +#. type: Plain text +#: opensuse-leap-15-6 +msgid "" +"Unshare the time namespace. If I<file> is specified, then a persistent " +"namespace is created by a bind mount. The B<--monotonic> and B<--boottime> " +"options can be used to specify the corresponding offset in the time " +"namespace." +msgstr "" + +#. type: Plain text +#: opensuse-leap-15-6 +msgid "Display version information and exit." +msgstr "" + +#. type: Plain text +#: opensuse-leap-15-6 +msgid "" +"The proc and sysfs filesystems mounting as root in a user namespace have to " +"be restricted so that a less privileged user can not get more access to " +"sensitive files that a more privileged user made unavailable. 
In short the " +"rule for proc and sysfs is as close to a bind mount as possible." +msgstr "" + +#. type: Plain text +#: opensuse-leap-15-6 +msgid "" +"The following command creates a PID namespace, using B<--fork> to ensure " +"that the executed command is performed in a child process that (being the " +"first process in the namespace) has PID 1. The B<--mount-proc> option " +"ensures that a new mount namespace is also simultaneously created and that a " +"new B<proc>(5) filesystem is mounted that contains information corresponding " +"to the new PID namespace. When the B<readlink> command terminates, the new " +"namespaces are automatically torn down." +msgstr "" + +#. type: Plain text +#: opensuse-leap-15-6 +msgid "B<clone>(2), B<unshare>(2), B<namespaces>(7), B<mount>(8)" +msgstr "" |