From dd4bed0f1dff419b9dca9424f2945baab727c3dd Mon Sep 17 00:00:00 2001
From: Rob Landley
Date: Thu, 29 Aug 2013 17:55:46 -0500
Subject: PID and UID namespaces for unshare, pointed out by heehooman@gmail.com.
---
 toys/other/unshare.c | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/toys/other/unshare.c b/toys/other/unshare.c
index 87db6039..d9a8d3fb 100644
--- a/toys/other/unshare.c
+++ b/toys/other/unshare.c
@@ -2,7 +2,7 @@
 *
 * Copyright 2011 Rob Landley
-USE_UNSHARE(NEWTOY(unshare, "<1^nium", TOYFLAG_USR|TOYFLAG_BIN))
+USE_UNSHARE(NEWTOY(unshare, "<1^niumpU", TOYFLAG_USR|TOYFLAG_BIN))
 config UNSHARE
 bool "unshare"
@@ -15,10 +15,12 @@ config UNSHARE
 attribute is not shared with the parent process. This is part of Linux Containers. Each process can have its own:
- -m Mount/unmount tree
- -u Host and domain names
 -i SysV IPC (message queues, semaphores, shared memory)
+ -m Mount/unmount tree
 -n Network address, sockets, routing, iptables
+ -p Process IDs and init
+ -u Host and domain names
+ -U UIDs, GIDs, capabilities
 */
 #include "toys.h"
@@ -27,7 +29,8 @@ extern int unshare (int __flags);
 void unshare_main(void) {
- unsigned flags[]={CLONE_NEWNS, CLONE_NEWUTS, CLONE_NEWIPC, CLONE_NEWNET, 0};
+ unsigned flags[]={CLONE_NEWNS, CLONE_NEWUTS, CLONE_NEWIPC, CLONE_NEWNET,
+ CLONE_NEWPID, CLONE_NEWUSER, 0};
 unsigned f=0; int i;
--
cgit v1.2.3
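Review bot: The new `flags[]` order in unshare_main does not obviously line up with the new option string `"<1^niumpU"`: both gained their two entries at the end, but if the loop outside this hunk picks `flags[i]` by option bit `1<<i`, and toybox numbers option bits from the right-hand end of the string, then `-U` now selects CLONE_NEWNS and `-n` selects CLONE_NEWUSER, so a caller gets a different isolation than the one requested. If that is how the lookup works, the array should mirror the string from the right, `unsigned flags[]={CLONE_NEWUSER, CLONE_NEWPID, CLONE_NEWNS, CLONE_NEWUTS, CLONE_NEWIPC, CLONE_NEWNET, 0};`. Separately, unshare(CLONE_NEWPID) moves only later children into the new PID namespace, so if the command is exec'd without a fork it stays in the old one; the `-p` help line should say so. The body of unshare_main continues outside the hunk, so the loop and the exec path need checking there.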