unshare(1)

The unshare(1) is a new command line interface to unshare Linux syscall and allows a program to run with some parts of the process execution context unshared from parent. This new command is available in util-linux-ng 2.17 (thanks to Mikhail Gusarov who is author of the command).

Currently, the unshare(1) command allows to disassociates:

• mount namespace
• UTS (since kernel 2.6.19, independent hostname and domainname)
• IPC namespace (System V message queues, semaphores, and shared memory)
• network namespace (since kernel 2.6.24, independent IP stacks, IP routing tables, firewall, ...)

Probably the most attractive is unshared mount namespace (see Mike Hommey's "newns" or pam_namespace).

For example I have two xterms, let's start a new bash with unshared mount namespace in the first session:

Session1:

  # unshare --mount  /bin/bash
  # mount /dev/sda1 /mnt/test
  # grep test /proc/mounts
  /dev/sda1 /mnt/test ext3 rw,relatime,errors=continue,user_xattr,acl,data=ordered 0 0

Session2:

  # grep test /proc/mounts
  # ll /mnt/test
  total 0

... the /mnt/test filesystem is visible in the Session1 only. That's all, pretty simple and pretty useful :-)