When a new process is created with the clone() system call, a set of flags is provided which tells the kernel which resources, if any, should be shared between that process and its parent. Potentially shareable resources include virtual memory, open files, signal handlers, and more. New processes also share, by default, the filesystem namespace seen by their parent (and, usually, by the system as a whole).

In the current Linux kernel, the sharing decisions made at clone() time last for the lifetime of the processes involved. There is not usually a reason to change resource sharing, but recent discussions on supporting private mounts (with the filesystems in user space patch, or otherwise) have suggested that it would actually be useful for a process to be able to "unshare" resources after its creation. In particular, if a process could detach itself from the global filesystem namespace and create its own, it would be possible to set up that new namespace with whatever private mounts that process needs. If this functionality were used within a PAM module, it would be relatively easy for administrators to set up per-user views of the filesystem, complete with private mounts.

To that end, Jenak Desai has posted a patch adding a new unshare() system call. The interface is simple enough:

    long unshare(unsigned long flags);

The flags argument can be CLONE_NEWNS (to create a new filesystem namespace), CLONE_VM (to establish a private virtual address space) or CLONE_SIGHAND (to unshare signal handlers). If all goes well, when the call returns, the designated resource(s) will now be private to the calling process; otherwise the situation is unchanged.

This patch has not yet made it to the linux-kernel mailing list, and may see some changes before it is considered for inclusion.

Linux function: unshare的更多相关文章

  1. linux function

    #!/bin/bash function sayHello() { #这里的{ 和它前面的)之间可以没有空格 echo "Hello $1" } sayHello 'Neeky'

  2. karottc A Simple linux-virus Analysis、Linux Kernel <= 2.6.37 - Local Privilege Escalation、CVE-2010-4258、CVE-2010-3849、CVE-2010-3850

    catalog . 程序功能概述 . 感染文件 . 前置知识 . 获取ROOT权限: Linux Kernel <= - Local Privilege Escalation 1. 程序功能概述 ...

  3. Linux 驱动开发

    linux驱动开发总结(一) 基础性总结 1, linux驱动一般分为3大类: * 字符设备 * 块设备 * 网络设备 2, 开发环境构建: * 交叉工具链构建 * NFS和tftp服务器安装 3, ...

  4. 使用js和jq去掉左右空格方法

    <!DOCTYPE html><html> <head> <meta charset="UTF-8"> <script src ...

  5. oracle批量导出AWR报告

    工作需求:项目中需要把生产库中所有的AWR报告dump出来,然后导入到方便测试的数据库中.在测试库中的AWR报告需要根据dbid和实例名逐个导出,如果遇到很多再加上RAC系统,会很麻烦.在网上找了一些 ...

  6. SelectDirectory使用方法以及EnableTaskWindows

    SelectDirectory使用方法 格式 Delphi syntax: On Windows: function SelectDirectory(const Caption: string; co ...

  7. php 简单通用的日志记录方法

    使用file_put_contents 方法来实现简单便捷的日志记录功能 方法1: // use \r\n for new line on windows, just \n on linux func ...

  8. shell 函数用法

    近期在学习shell编程方面的知识,写的不怎么好,请大家多多指点,下面给大家分享一下shell函数的用法. 我们为什么要用shell函数? 简单的说,函数的作用就是把程序多次调用相同的代码部分定义成一 ...

  9. 一些方便系统诊断的bash函数

    原文地址:一些方便系统诊断的bash函数 一些方便系统诊断的bash函数:http://hongjiang.info/common-bash-functions/ 这段脚本包含100多个bash函数, ...

随机推荐

  1. python中format函数

    python中format函数用于字符串的格式化 通过关键字 1 print('{名字}今天{动作}'.format(名字='陈某某',动作='拍视频'))#通过关键字 2 grade = {'nam ...

  2. Vue学习笔记之Webpack介绍

    在这里我仅仅的是对webpack做个讲解,webpack这个工具非常强大,解决了我们前端很繁琐的一些工具流程繁琐的事情.如果感兴趣的同学,简易还是看官网吧. 中文链接地址:https://www.we ...

  3. poj1942 Paths on a Grid(无mod大组合数)

    poj1942 Paths on a Grid 题意:给定一个长m高n$(n,m \in unsigned 32-bit)$的矩形,问有几种走法.$n=m=0$时终止. 显然的$C(m+n,n)$ 但 ...

  4. 从IC设计业看中国企业之发展

    从IC设计业看中国企业之发展   在半导体领域,国际平均毛利润水平为40%.去年IC设计年会中,中国半导体行业协会IC设计分会理事长魏少军指出,中国IC设计业平均毛利润水平比国际平均水平低了12.39 ...

  5. zabbix中监控某个进程的shell脚本

    #!/bin/sh ret_ok= ret_warn= ret_critical= ret_unknown= info_count=`ps -aux | awk 'BEGIN {cnt=0} /[^- ...

  6. css括号风格

    1.nested 2.expanded 3.compact 压缩但是不去掉空格和注释 4.compressed 压缩并且去掉空格和注释,并且有的压缩变量名也会改变.

  7. RHEL7.X 安装 11.2.0.4 RAC 问题

    随着Linux 7 版本的普及,但Oracle数据库主流版本仍是11gR2,11.2.0.4 是生产安装首选.由于11.2.0.4对Linux 7 的支持不很完美,在Linux 7 上安装会遇到几处问 ...

  8. Jenkins+Sonar集成对代码进行持续检测

    介绍 SonarQube(曾用名Sonar(声纳)[1])是一个开源的代码质量管理系统. 特征 支持超过25种编程语言[2]:Java.C/C++.C#.PHP.Flex.Groovy.JavaScr ...

  9. git 沙河游戏节点图, 自由沙盒模拟git, 各类交互git命令

    git学习练习总资源链接: https://try.github.io/ (练习已通,有document) 本沙盒游戏教学:https://learngitbranching.js.org/?demo ...

  10. Android之Glide(非常好用的图片加载框架)

    谷歌开发者论坛上,谷歌为我们介绍了一个名叫 Glide 的图片加载库,作者是bumptech. Glide是一种快速.高效的开源媒体管理和Android的包裹mediadecoding图像加载框架,内 ...