Enum Namespace

pub enum Namespace {
    Mount,
    Uts,
    Ipc,
    User,
    Pid,
    Net,
    Cgroup,
}

Namespace name to unshare

See man 7 namespaces for more information

Variants

Mount

Unshare the mount namespace. This lets you mount and unmount directories without touching the parent's mount points.

Note that you must also make all your mount points non-shareable, or changes will be propagated to the parent namespace anyway.

This is always needed if you want to use pivot_root (but this is not enforced by the library).

Uts

Unshare the UTS namespace. This allows you to change the hostname of the new container.

Ipc

Unshare the IPC namespace. This creates a new namespace for System V IPC, POSIX message queues and similar.

User

Unshare the user namespace. This allows an unprivileged user to be the root user in the new namespace and/or to change the mappings between the real (outer) user namespace and the inner one.

This one is required if you want to unshare any other namespace without root privileges (it’s not enforced by kernel not the library)

See man 7 user_namespaces for more information.


Pid

Unshare the PID namespace. The child process becomes PID 1 (inside the container), with the following rough list of consequences:

  1. All daemon processes are reparented to this process.
  2. All signal dispositions are set to Ignore. For example, the process doesn’t get killed by SIGINT (Ctrl+C) unless a signal handler is explicitly set.
  3. If the process dies, all its children are killed by SIGKILL (i.e. they can’t catch the death signal).

All this means that, most of the time, the new process in this namespace must be some kind of process supervisor.

Also note that /proc is not automatically changed, so you should also unshare the Mount namespace and mount a new /proc inside the PID namespace.

See man 7 pid_namespaces for more information.

Net

Unshare the network namespace.

The new namespace is empty and has no connectivity, not even the localhost network, unless some setup is done afterwards.

Note that Unix sockets continue to work, but “abstract Unix sockets” are isolated as a result of this option. The availability of Unix sockets might also mean that libc is able to resolve DNS names by using NSCD. You may isolate Unix sockets by using any kind of filesystem isolation.

Cgroup

Cgroup namespace

Creates a new namespace for CGroups.

See man 7 cgroup_namespaces for more information
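
The User and Pid caveats above are left to the caller, so a launcher can check them before spawning and confirm the result afterwards. This is an added example, not code from this page or the library it documents: the enum is a local copy so the block builds on its own, `preflight` and `still_shared` are hypothetical helpers, and the `/proc/<pid>/ns/*` link targets are constructed sample values.

```rust
use std::collections::HashMap;

// Local mirror of the documented enum so the example builds without the crate.
#[derive(Clone, Copy, Debug, PartialEq, Eq, Hash)]
pub enum Namespace { Mount, Uts, Ipc, User, Pid, Net, Cgroup }

/// Entry name under /proc/<pid>/ns/ for each variant (see man 7 namespaces).
pub fn proc_name(ns: Namespace) -> &'static str {
    match ns {
        Namespace::Mount => "mnt", Namespace::Uts => "uts", Namespace::Ipc => "ipc", Namespace::User => "user",
        Namespace::Pid => "pid", Namespace::Net => "net", Namespace::Cgroup => "cgroup",
    }
}

/// Hypothetical pre-flight check for the two combinations the page warns about.
pub fn preflight(requested: &[Namespace], is_root: bool) -> Vec<&'static str> {
    let mut warnings = Vec::new();
    if !is_root && !requested.is_empty() && !requested.contains(&Namespace::User) {
        warnings.push("unprivileged caller: also unshare Namespace::User");
    }
    if requested.contains(&Namespace::Pid) && !requested.contains(&Namespace::Mount) {
        warnings.push("Pid without Mount: /proc still describes the outer PID namespace");
    }
    warnings
}

/// Parse a /proc/<pid>/ns/* symlink target such as "net:[4026531992]".
pub fn parse_ns_link(target: &str) -> Option<(&str, u64)> {
    let (name, rest) = target.split_once(":[")?;
    Some((name, rest.strip_suffix(']')?.parse::<u64>().ok()?))
}
fn index(links: &[&str]) -> HashMap<String, u64> {
    links.iter().filter_map(|l| parse_ns_link(l)).map(|(n, i)| (n.to_string(), i)).collect()
}

/// Requested namespaces whose inode is the same in parent and child, i.e. not unshared.
pub fn still_shared(requested: &[Namespace], parent: &[&str], child: &[&str]) -> Vec<Namespace> {
    let (p, c) = (index(parent), index(child));
    requested.iter().copied()
        .filter(|ns| { let k = proc_name(*ns); p.contains_key(k) && p.get(k) == c.get(k) })
        .collect()
}

fn main() {
    // Constructed readlink output: the child got a new PID namespace but kept the parent's network.
    let parent = ["pid:[4026531836]", "net:[4026531992]"];
    let child = ["pid:[4026532500]", "net:[4026531992]"];
    let req = [Namespace::Pid, Namespace::Net];
    println!("{:?} {:?}", preflight(&req, false), still_shared(&req, &parent, &child));
}
```

On a real host the two link lists come from reading the symlinks under `/proc/<pid>/ns/` for the parent and the child.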

Trait Implementations

impl Clone for Namespace

fn clone(&self) -> Namespace

Returns a copy of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Hash for Namespace

fn hash<__H: Hasher>(&self, state: &mut __H)

Feeds this value into the given Hasher.

fn hash_slice<H>(data: &[Self], state: &mut H)
where H: Hasher, Self: Sized,

Feeds a slice of this type into the given Hasher.

impl PartialEq for Namespace

fn eq(&self, other: &Namespace) -> bool

Tests for self and other values to be equal, and is used by ==.

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.

impl Copy for Namespace

impl Eq for Namespace

impl StructuralPartialEq for Namespace


Blanket Implementations

impl<T> Any for T
where T: 'static + ?Sized,

fn type_id(&self) -> TypeId

Gets the TypeId of self.

impl<T> Borrow<T> for T
where T: ?Sized,

fn borrow(&self) -> &T

Immutably borrows from an owned value.

impl<T> BorrowMut<T> for T
where T: ?Sized,

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value.

impl<T> CloneToUninit for T
where T: Clone,

unsafe fn clone_to_uninit(&self, dest: *mut u8)

This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dest.

impl<T> From<T> for T

fn from(t: T) -> T

Returns the argument unchanged.

impl<T, U> Into<U> for T
where U: From<T>,

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

impl<T> ToOwned for T
where T: Clone,

type Owned = T

The resulting type after obtaining ownership.

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning.

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning.

impl<T, U> TryFrom<U> for T
where U: Into<T>,

type Error = Infallible

The type returned in the event of a conversion error.

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.