run program with some namespaces unshared from parent


unshare [options] program [arguments]

Unshares the specified namespaces from the parent process and then executes the specified program. The namespaces that can be unshared are:

mount namespace

mounting and unmounting filesystems will not affect the rest of the system (CLONE_NEWNS flag),

UTS namespace

setting the hostname or domainname will not affect the rest of the system (CLONE_NEWUTS flag),

IPC namespace

the process will have an independent namespace for System V message queues, semaphore sets and shared memory segments (CLONE_NEWIPC flag),

network namespace

the process will have independent IPv4 and IPv6 stacks, IP routing tables, firewall rules, the /proc/net and /sys/class/net directory trees, sockets etc. (CLONE_NEWNET flag).

See clone(2) for the exact semantics of the flags.


-h, --help

Print a help message,

-m, --mount

Unshare the mount namespace,

-u, --uts

Unshare the UTS namespace,

-i, --ipc

Unshare the IPC namespace,

-n, --net

Unshare the network namespace.


The unshare command is part of the util-linux package and is available from


The unshare command drops potential privileges before executing the target program. This allows unshare to be installed setuid.
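The sequence described above (unshare the namespaces, drop privileges, execute the program), as an added C example that is not the util-linux source. The helper names ns_flags and drop_privileges are hypothetical, the namespaces are selected by a string of the option letters m, u, i, n, and the raw unshare system call is used so the example does not depend on libc feature-test macros.

```c
#include <linux/sched.h>   /* CLONE_NEWNS, CLONE_NEWUTS, CLONE_NEWIPC, CLONE_NEWNET */
#include <stdio.h>
#include <sys/syscall.h>   /* SYS_unshare */
#include <unistd.h>

/* Map option letters (m, u, i, n) to clone(2) flags; -1 on an unknown letter. */
long ns_flags(const char *opts)
{
    long flags = 0;
    for (; *opts; opts++) {
        switch (*opts) {
        case 'm': flags |= CLONE_NEWNS;  break;
        case 'u': flags |= CLONE_NEWUTS; break;
        case 'i': flags |= CLONE_NEWIPC; break;
        case 'n': flags |= CLONE_NEWNET; break;
        default:  return -1;
        }
    }
    return flags;
}

/* Drop set-uid/set-gid privileges. The group goes first: once setuid() has
 * given up root, the process may no longer be allowed to change its gid.
 * Every return value is checked; a failed drop must abort, never exec. */
int drop_privileges(void)
{
    if (setgid(getgid()) != 0 || setuid(getuid()) != 0)
        return -1;
    /* Verify that the effective ids now equal the real ids. */
    return (geteuid() == getuid() && getegid() == getgid()) ? 0 : -1;
}

/* usage: ./example <letters from "muin"> program [arguments] */
int main(int argc, char **argv)
{
    long flags;

    if (argc < 3 || (flags = ns_flags(argv[1])) < 0) {
        fprintf(stderr, "usage: %s <muin letters> program [arguments]\n", argv[0]);
        return 2;
    }
    /* Needs privilege (CAP_SYS_ADMIN) for these namespace types. */
    if (syscall(SYS_unshare, flags) != 0) { perror("unshare"); return 1; }
    if (drop_privileges() != 0) { perror("drop privileges"); return 1; }
    execvp(argv[2], &argv[2]);
    perror("execvp");      /* reached only if exec failed */
    return 1;
}
```

Comparing `readlink /proc/self/ns/uts` in the parent shell and in the executed program shows whether the namespace actually changed.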


None known so far.

see also

unshare(2), clone(2)


Mikhail Gusarov <dottedmag[:at:]dottedmag[:dot:]net>

