Enum unshare::Namespace
pub enum Namespace { Mount, Uts, Ipc, User, Pid, Net, Cgroup, }
Namespace name to unshare.
See man 7 namespaces for more information.
Variants
Mount
Unshare the mount namespace. This means that you can now mount and unmount folders without touching the parent's mount points.
Note that you also have to make all your mount points non-shareable, or changes will be propagated to the parent namespace anyway.
This is always needed if you want pivot_root (but not enforced by the library).
Uts
Unshare the UTS namespace. This allows you to change the hostname of the new container.
Ipc
Unshare the IPC namespace. This creates a new namespace for System V IPC, POSIX message queues and similar.
User
Unshare the user namespace. This allows an unprivileged user to be the root user in the new namespace and/or to change the mappings between the real (outer) user namespace and the inner one.
This one is required if you want to unshare any other namespace without root privileges (it's not enforced by kernel not the library)
See man 7 user_namespaces for more information.
Pid
Unshare the PID namespace. The child process becomes PID 1 (inside the container) with the following rough list of consequences:
- All daemon processes are reparented to the process
- All signal dispositions are set to Ignore. E.g. the process doesn't get killed by SIGINT (Ctrl+C), unless a signal handler is explicitly set
- If the process is dead, all its children are killed by SIGKILL (i.e. can't catch the death signal)
All this means that most of the time the new process having this namespace must be some kind of process supervisor.
Also note that /proc is not automatically changed, so you should also unshare the Mount namespace and mount a new /proc inside the PID namespace.
See man 7 pid_namespaces for more information.
Net
Unshare the network namespace.
The new namespace is empty and has no connectivity, not even the localhost network, unless some setup is done afterwards.
Note that unix sockets continue to work, but "abstract unix sockets" are isolated as a result of this option. The availability of unix sockets might also mean that libc is able to resolve DNS names by using NSCD. You may isolate unix sockets by using any kind of filesystem isolation.
Cgroup
Cgroup namespace
Creates a new namespace for CGroups.
See man 7 cgroup_namespaces for more information.
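An added example, not part of the unshare crate or its documentation: a std-only check that compares /proc/<pid>/ns link targets to see which namespaces a process really left, then flags the Pid and Net caveats described above. The function names are hypothetical, and treating an unshared mount namespace as the sign of filesystem isolation is an assumption.

```rust
use std::collections::BTreeMap;
use std::fs;
// /proc/<pid>/ns entry names for Mount, Uts, Ipc, User, Pid, Net, Cgroup.
const NS_FILES: [&str; 7] = ["mnt", "uts", "ipc", "user", "pid", "net", "cgroup"];

/// Parse a /proc/<pid>/ns/* link target such as "pid:[4026531836]".
fn parse_ns_link(target: &str) -> Option<(&str, u64)> {
    let (kind, rest) = target.split_once(":[")?;
    Some((kind, rest.strip_suffix(']')?.parse().ok()?))
}

/// Namespace ids of a process ("self" or a numeric pid); unreadable entries are skipped.
fn read_ns(pid: &str) -> BTreeMap<String, u64> {
    let mut out = BTreeMap::new();
    for name in NS_FILES.iter() {
        if let Ok(path) = fs::read_link(format!("/proc/{}/ns/{}", pid, name)) {
            if let Some((kind, id)) = path.to_str().and_then(|s| parse_ns_link(s)) {
                out.insert(kind.to_string(), id);
            }
        }
    }
    out
}

/// Namespaces whose id differs between two processes, i.e. really unshared.
fn unshared(parent: &BTreeMap<String, u64>, child: &BTreeMap<String, u64>) -> Vec<String> {
    child.iter().filter(|(k, id)| parent.get(*k).map_or(false, |p| p != *id))
        .map(|(k, _)| k.clone()).collect()
}

/// Caveats from the variant docs, checked against what was really unshared.
/// Assumption: a shared mount namespace means no filesystem isolation.
fn caveats(unshared: &[String]) -> Vec<&'static str> {
    let has = |n: &str| unshared.iter().any(|u| u == n);
    let mut out = Vec::new();
    if has("pid") && !has("mnt") {
        out.push("pid without mnt: /proc still describes the outer PID namespace");
    }
    if has("net") && !has("mnt") {
        out.push("net without mnt: path-based unix sockets (e.g. NSCD) stay reachable");
    }
    out
}

fn main() {
    let ppid = std::os::unix::process::parent_id().to_string();
    let diff = unshared(&read_ns(&ppid), &read_ns("self"));
    println!("unshared from parent: {:?}", diff);
    for c in caveats(&diff) { println!("warning: {}", c); }
}
```

Run it as the first command inside the new container; reading the parent's /proc/<pid>/ns entries requires permission to inspect that process.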
Trait Implementations
impl PartialEq for Namespace
fn eq(&self, other: &Namespace) -> bool
This method tests for self and other values to be equal, and is used by ==.
fn ne(&self, other: &Rhs) -> bool (since 1.0.0)
This method tests for !=.
impl Eq for Namespace
impl Hash for Namespace
fn hash<__H: Hasher>(&self, state: &mut __H)
Feeds this value into the given Hasher.
fn hash_slice<H>(data: &[Self], state: &mut H) where H: Hasher, (since 1.3.0)
Feeds a slice of this type into the given Hasher.
impl Clone for Namespace
fn clone(&self) -> Namespace
Returns a copy of the value.
fn clone_from(&mut self, source: &Self) (since 1.0.0)
Performs copy-assignment from source.
impl Copy for Namespace