Crate unshare

Command has mostly the same API as std::process::Command, except where a difference is absolutely needed.

In addition, Command contains methods to configure Linux namespaces, chroots and other Linux-specific settings.

We have diverged from std::process::Command in the following major things:

  1. Error handling. Since long chains of system calls are sometimes involved, we need to give the user some way to find out which call failed with an error, so io::Error is not an option. We have the error::Error class, which describes the error as precisely as possible.

  2. We set PDEATHSIG to SIGKILL by default, i.e. the child process will die when the parent is dead. This is what you want most of the time. If you want to allow the child process to daemonize, explicitly call the allow_daemonize method (but look at the documentation of Command::set_parent_death_signal first).

  3. We don't search for the program in PATH. It's hard to do right in all cases of chroot, pivot_root, user and mount namespaces, so we expect it's easier to do for your specific container setup.

Anyway, this is a low-level interface. You may want to use some higher-level abstraction which mounts filesystems, sets up the network and monitors processes.
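Because of point 3, the caller has to turn a bare program name into an absolute path before handing it to Command. The sketch below is an added example, not code from the unshare crate: `resolve_in_root` and `usable` are hypothetical helpers, and it assumes `root` is the host-side directory that will become `/` for the child.

```rust
use std::fs;
use std::os::unix::fs::PermissionsExt;
use std::path::{Component, Path, PathBuf};

/// Hypothetical helper (not part of the unshare crate): resolve `program`
/// against the tree the child will see. `root` is the host-side directory
/// that becomes `/` after chroot/pivot_root; the result is the path as seen
/// from inside that root.
pub fn resolve_in_root(root: &Path, path_var: &str, program: &str) -> Option<PathBuf> {
    // A name containing '/' is a path, not a PATH lookup; accept it only if absolute.
    if program.contains('/') {
        let inside = PathBuf::from(program);
        return if usable(root, &inside) { Some(inside) } else { None };
    }
    path_var
        .split(':')
        .map(|dir| Path::new(dir).join(program))
        .find(|inside| usable(root, inside))
}

/// True if `inside` is absolute, has no `..`, and names an executable
/// regular file under `root`.
fn usable(root: &Path, inside: &Path) -> bool {
    // Empty or relative PATH entries mean "current directory", which is
    // ambiguous once the root changes and lets a writable cwd shadow a
    // system binary; `..` could step outside `root` on the host side.
    if !inside.is_absolute() || inside.components().any(|c| c == Component::ParentDir) {
        return false;
    }
    let host = root.join(inside.strip_prefix("/").unwrap_or(inside));
    // Caveat: metadata() follows symlinks in the host's view of the tree.
    fs::metadata(&host)
        .map(|m| m.is_file() && (m.permissions().mode() & 0o111) != 0)
        .unwrap_or(false)
}

fn main() {
    let path = std::env::var("PATH").unwrap_or_default();
    // With root "/" this behaves like an ordinary, stricter PATH search.
    println!("{:?}", resolve_in_root(Path::new("/"), &path, "sh"));
}
```

The returned path is the one to give to Command; pick the PATH value yourself rather than inheriting it from the parent environment, since the parent's PATH describes the host tree, not the new root.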

Structs

Child

The reference to the running child

Command

Main class for running processes. Works in the spirit of builder pattern.

GidMap

Entry (row) in the gid map

PipeReader

A reading end of Pipe object after Pipe::split

PipeWriter

A writing end of Pipe object after Pipe::split

Printer

A temporary value returned from Command::display for the sole purpose of being Display'ed.

Style

This is a builder for various settings of how command may be printed

UidMap

Entry (row) in the uid map

Enums

Capability
ChildEvent

The event returned from child_events() iterator

Error

Error running process

ExitStatus

The exit status of a process

Fd

An enumeration that is used to configure non-stdio file descriptors. It differs from the stdio one because we must differentiate between readable and writable file descriptors for things opened by the library.

Namespace

Namespace name to unshare

Signal
Stdio

An enumeration that is used to configure stdio file descriptors

Functions

child_events

Creates an iterator over child events

reap_zombies

Creates an iterator over zombie processes