How to use the command 'unshare' (with examples)

How to use the command 'unshare' (with examples)

The unshare command allows users to execute a command in new user-defined namespaces. This means that the command can be executed with new sets of resources, such as network, mount, or process namespaces, without sharing access to the existing ones. This can be useful in scenarios where isolation or control over specific resources is required.

Use case 1: Execute a command without sharing access to connected networks

Code:

unshare --net command command_arguments

Motivation:

The motivation for using this example is to execute a command without sharing access to the connected networks. This can be helpful in scenarios where the command being executed should not have permission to communicate over the network.

Explanation:

  • unshare: The command itself.
  • --net: Specifies the network namespace.
  • command: The command to be executed.
  • command_arguments: Arguments to be passed to the command.

Example output:

If we want to execute the ping command without network access, we can use the following code:

unshare --net ping www.example.com

The output will be something like:

ping: www.example.com: Name or service not known

Use case 2: Execute a command as a child process without sharing mounts, processes, or networks

Code:

unshare --mount --pid --net --fork command command_arguments

Motivation:

The motivation for using this example is to execute a command as a child process without sharing mounts, processes, or networks. This can be useful when you want to run a command in a clean and isolated environment, separate from the current system environment.

Explanation:

  • unshare: The command itself.
  • --mount: Specifies the mount namespace.
  • --pid: Specifies the process namespace.
  • --net: Specifies the network namespace.
  • --fork: Runs the command as a child process.
  • command: The command to be executed.
  • command_arguments: Arguments to be passed to the command.

Example output:

Let’s say we want to run a Python script as a child process with an isolated mount, process, and network namespace. We can use the following code:

unshare --mount --pid --net --fork python my_script.py

The output will depend on the execution logic of the script.

Conclusion:

The unshare command is a powerful tool that allows users to execute commands in isolated user-defined namespaces. Whether you want to restrict network access or run commands in a clean and separate environment, the unshare command provides the necessary functionality. By understanding the different use cases and command arguments, you can leverage unshare to achieve the desired level of isolation and control over system resources.

Related Posts

How to use the command valet (with examples)

How to use the command valet (with examples)

Valet is a Laravel development environment that allows hosting sites via local tunnels on http://<example>.

Read More
Using getopt (with examples)

Using getopt (with examples)

Using getopt to parse optional verbose/version flags getopt --options vV --longoptions verbose,version -- --version --verbose Motivation: In some scripts or programs, it may be useful to offer command-line options to control the behavior of the program.

Read More
How to use the command 'needrestart' (with examples)

How to use the command 'needrestart' (with examples)

The ’needrestart’ command is a useful tool that allows you to check which daemons need to be restarted after library upgrades.

Read More