Enum unshare::Namespace[−][src]

pub enum Namespace {
    Mount,
    Uts,
    Ipc,
    User,
    Pid,
    Net,
    Cgroup,
}

Namespace name to unshare

See man 7 namespaces for more information

Variants

Mount

Unshare the mount namespace. It basically means that you can now mount and unmount folders without touching parent mount points.

But note that you also have to make all your mountpoints non-shareable or changes will be propagated to parent namespace anyway.

This is always needed if you want pivot_root (but not enforced by library)

Uts

Unshare the UTS namespace. This allows you to change hostname of the new container.

Ipc

Unshare the IPC namespace. This creates new namespace for System V IPC POSIX message queues and similar.

User

Unshare user namespace. This allows unprivileged user to be root user in new namespace and/or change mappings between real (outer) user namespace and the inner one.

This one is required if you want to unshare any other namespace without root privileges (it’s not enforced by kernel not the library)

See man 7 user_namespaces for more information.

Pid

Unshare pid namespace. The child process becomes PID 1 (inside container) with the following rough list of consequences:

All daemon processes are reparented to the process
All signal dispositions are set to Ignore. E.g. process doesn’t get killed by SIGINT (Ctrl+C), unless signal handler is explicitly set
If the process is dead, all its children are killed by SIGKILL (i.e. can’t catch the death signal)

All this means that most of the time the new process having this namespace must be some kind of process supervisor.

Also take a note that /proc is not automatically changed. So you should also unshare Mount namespace and mount new /proc inside the PID namespace.

See man 7 pid_namespaces for more information

Net

Unshare network namespace

New namespace is empty and has no conectivity, even localhost network, unless some setup is done afterwards.

Note that unix sockets continue to work, but “abstract unix sockets” are isolated as a result of this option. The availability of unix sockets might also mean that libc is able to resolve DNS names by using NSCD. You may isolate unix sockets by using any kind of filesystem isolation.

Cgroup

Cgroup namespace

Creates a new namespace for CGroups.

See man 7 cgroup_namespaces for more information

Trait Implementations

`impl Clone for Namespace`[src]

`fn clone(&self) -> Namespace`[src]

`pub fn clone_from(&mut self, source: &Self)`1.0.0 [src]

`impl Copy for Namespace`[src]

`impl Eq for Namespace`[src]

`impl Hash for Namespace`[src]

`fn hash<H: Hasher>(&self, state: &mut H)`[src]

`pub fn hash_slice<H>(data: &[Self], state: &mut H) where H: Hasher,` 1.3.0 [src]

`impl PartialEq<Namespace> for Namespace`[src]

`fn eq(&self, other: &Namespace) -> bool`[src]

`#[must_use] pub fn ne(&self, other: &Rhs) -> bool`1.0.0 [src]

`impl StructuralEq for Namespace`[src]

`impl StructuralPartialEq for Namespace`[src]

Auto Trait Implementations

`impl RefUnwindSafe for Namespace`

`impl Send for Namespace`

`impl Sync for Namespace`

`impl Unpin for Namespace`

`impl UnwindSafe for Namespace`

Blanket Implementations

`impl<T> Any for T where T: 'static + ?Sized,` [src]

`pub fn type_id(&self) -> TypeId`[src]

`impl<T> Borrow<T> for T where T: ?Sized,` [src]

`pub fn borrow(&self) -> &T`[src]

`impl<T> BorrowMut<T> for T where T: ?Sized,` [src]

`pub fn borrow_mut(&mut self) -> &mut T`[src]

`impl<T> From<T> for T`[src]

`pub fn from(t: T) -> T`[src]

`impl<T, U> Into for T where U: From<T>,` [src]

`pub fn into(self) -> U`[src]

`impl<T> ToOwned for T where T: Clone,` [src]

`type Owned = T`

The resulting type after obtaining ownership.

`pub fn to_owned(&self) -> T`[src]

`pub fn clone_into(&self, target: &mut T)`[src]

`impl<T, U> TryFrom for T where U: Into<T>,` [src]

`type Error = Infallible`

The type returned in the event of a conversion error.

`pub fn try_from(value: U) -> Result<T, <T as TryFrom>::Error>`[src]

`impl<T, U> TryInto for T where U: TryFrom<T>,` [src]

`type Error = >::Error`

The type returned in the event of a conversion error.

Enum unshare::Namespace⎘[−][src]

Variants

Trait Implementations

impl Clone for Namespace[src]

fn clone(&self) -> Namespace[src]

pub fn clone_from(&mut self, source: &Self)1.0.0[src]

impl Copy for Namespace[src]

impl Eq for Namespace[src]

impl Hash for Namespace[src]

fn hash<__H: Hasher>(&self, state: &mut __H)[src]

pub fn hash_slice<H>(data: &[Self], state: &mut H) where H: Hasher, 1.3.0[src]

impl PartialEq<Namespace> for Namespace[src]

fn eq(&self, other: &Namespace) -> bool[src]

#[must_use]pub fn ne(&self, other: &Rhs) -> bool1.0.0[src]

impl StructuralEq for Namespace[src]

impl StructuralPartialEq for Namespace[src]

Auto Trait Implementations

impl RefUnwindSafe for Namespace

impl Send for Namespace

impl Sync for Namespace

impl Unpin for Namespace

impl UnwindSafe for Namespace

Blanket Implementations

impl<T> Any for T where T: 'static + ?Sized, [src]

pub fn type_id(&self) -> TypeId[src]

impl<T> Borrow<T> for T where T: ?Sized, [src]

pub fn borrow(&self) -> &T[src]

impl<T> BorrowMut<T> for T where T: ?Sized, [src]

pub fn borrow_mut(&mut self) -> &mut T[src]

impl<T> From<T> for T[src]

pub fn from(t: T) -> T[src]

impl<T, U> Into<U> for T where U: From<T>, [src]

pub fn into(self) -> U[src]

impl<T> ToOwned for T where T: Clone, [src]

type Owned = T

pub fn to_owned(&self) -> T[src]

pub fn clone_into(&self, target: &mut T)[src]

impl<T, U> TryFrom<U> for T where U: Into<T>, [src]

type Error = Infallible

pub fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>[src]

impl<T, U> TryInto<U> for T where U: TryFrom<T>, [src]

type Error = <U as TryFrom<T>>::Error

pub fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>[src]