unshare 1 user commands nosh unshare un-share various namespaces making them private to the process unshare --mount --network --uts --ipc --process --user next-prog This command currently has no effect on BSD. Be careful, therefore, of the effect that this will have on make-private-fs1 and make-read-only-fs1. unshare is a chain-loading utility that calls unshare2 to "unshare" various "namespaces" from its parent process and then chain loads to next-prog with the execvp3 function. next-prog may contain its own command line options, which unshare will ignore. The namespaces un-shared are controlled by command-line options as follows: --mount The process switches to a private namespace of mounted filesystems. --network The process switches to a private namespace of network interfaces. --uts The process switches to a private namespace of UTS names. --IPC The process switches to a private namespace of IPC names. --process The process switches to a private namespace of process IDs. --user The process switches to a private namespace of user IDs. The command will fail if the process is not running under the aegis of the superuser and the unshare2 function call thus fails. Non-superusers are not permitted to unshare these things. Jonathan de Boyne Pollard