1 .TH "untie" "8" "0.4" "Guillaume Chazarain" "Namespace creator"
3 untie \- Run a command in a new namespace
5 \fBuntie\fR [OPTIONS]... [COMMAND]...
7 \fIuntie\fR uses Linux virtualization features to run commands in separate namespaces. If no command is given, a shell is launched in the new namespace. Note that only root can create new namespaces.
9 The options define which namespaces to share with the parent or to fork. All the options can be combined, only --mask can be given more than once.
14 \fB\-V, \-\-version\fR
15 Print version and exit.
18 New mount namespace. Mounts in a namespace are invisible in other namespaces. In order to have mounts crossing namespaces, you have to use the shared subtrees feature of Linux. See http://lwn.net/Articles/159092/ for more details.
21 New uname. An uname namespace can have its own hostname.
24 New IPC context. This permits a group of applications to have a private namespace for System V IPC. These include message queues, semaphores and shared memory segments.
27 New user namespace. This resets the per user limits for the launched process.
30 New PID namespace. When virtualising the PID namespace, you should also virtualize the mount namespace (\-\-mount) and re-mount /proc in the new namespace.
33 New network namespace.
36 Pass user defined flag. This flag allows to virtualize a resource that was not virtualizable at the time this program was written. For example to clone the uname namespace without the --uname option, you would use \fIuntie\fR --mask=0x04000000 because 0x04000000 is the value of CLONE_NEWUTS as per the header file sched.h.
38 \fB\-\-chroot=DIRECTORY\fR
39 Chroot in the specified directory. This will let the child process perform a chroot before executing its command. The chroot is followed by a chdir("/") to prevent the simplest form of chroot escape.
42 Change to the specified UID. This makes the child process run with the specified UID. If no GID argument is given, the GID will be set to the given UID and the child process groups will be the single element list with the given UID.
44 \fB\-\-username=USERNAME\fR
45 Change to the specified username. This option has the same role as the previous one, except it takes a user name string instead of a UID number. This option and the previous one are mutually exclusive.
48 Add the specified GID. This argument can be given many times and will build the process groups list for the child process. The GID will be the first element in the list.
50 \fB\-\-groupname=GROUP\fR
51 Add the specified group. This option has the same role as the previous one, except it takes a group name string instead of a GID number. This option as well as the previous one can be given any number of times. The previous option takes precedence to determine the GID of the child process.
54 Run as daemon. With this option, the child process will run as a background daemon.
56 \fB\-\-alarm=SECONDS\fR
57 Set an alarm after the specified delay. This option uses the alarm(2) facility to cause the termination of the child process after the specified timeout. The limitations of the alarm(2) system call apply, so if the child process uses alarm(2) it will cancel this specific timeout.
60 Run as the specified nice level. This sets the nice(1) value of the child process, levels typically range from -20 (highest priority) to 19 (lowest priority).
63 Use the specified (possibly RT) scheduling policy. Accepted values are 'rr', 'fifo', 'normal', 'other' case insensitive. The policy can also be given in numerical form.
65 \fB\-\-schedprio=PRIO\fR
66 Set the priority according to the given scheduler. This is typically used to set the priority between 1 and 100 when an RT scheduling policy is choosen.
68 \fB\-\-timeout\-term=SECONDS\fR
69 Delay before sending a SIGTERM to the process. This is a timeout as with the \-\-alarm option, except that it is more robust and delivers a SIGTERM. The number of seconds can be given as a floating point number.
71 \fB\-\-timeout\-kill=SECONDS\fR
72 Delay before sending a SIGKILL to the process. Same as \-\-timeout\-term except that the delivered signal is SIGKILL. The indended usage is a first "soft" timeout with a SIGTERM, and then a deadly timeout with SIGKILL. The ordering of the timeouts is not imposed though.
74 Guillaume Chazarain <guichaz@yahoo.fr>
76 See http://guichaz.free.fr/untie