% podman-unshare(1)
## NAME
podman\-unshare - Run a command inside of a modified user namespace
## SYNOPSIS
**podman unshare** [*--*] [*command*]
## DESCRIPTION
Launches a process (by default, *$SHELL*) in a new user namespace. The user
namespace is configured so that the invoking user's UID and primary GID appear
to be UID 0 and GID 0, respectively. Any ranges which match that user and
group in `/etc/subuid` and `/etc/subgid` are also mapped in as themselves with the
help of the *newuidmap(1)* and *newgidmap(1)* helpers.

**podman unshare** is useful for troubleshooting unprivileged operations and for
manually clearing storage and other data related to images and containers.

It is also useful if you want to use the **podman mount** command. If an unprivileged user wants to mount and work with a container, then they need to execute
**podman unshare**. Executing **podman mount** fails for unprivileged users unless the user is running inside a **podman unshare** session.

The unshare session defines two environment variables:

- **CONTAINERS_GRAPHROOT**: the path to the persistent container's data.
- **CONTAINERS_RUNROOT**: the path to the volatile container's data.

## EXAMPLE
```
$ podman unshare id
uid=0(root) gid=0(root) groups=0(root),65534(nobody)
$ podman unshare cat /proc/self/uid_map /proc/self/gid_map
0 1000 1
1 10000 65536
0 1000 1
1 10000 65536
```
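
Each line of the maps above reads `<inside-start> <host-start> <length>`, so ownership seen inside the session can be translated back to the host ID that really owns the file, which is what matters when auditing rootless storage. The script below is an added example, not part of the podman documentation; the function names `sample_map`, `map_to_host` and `map_to_ns` are hypothetical, and the sample map is constructed from the values shown in the example above.

```shell
#!/bin/sh
# Added example: translate IDs across a user-namespace ID map.
# Map line format (user_namespaces(7)): "<inside-start> <host-start> <length>"

# Constructed sample: the uid_map printed in the EXAMPLE section.
sample_map() {
    printf '%s\n' '0 1000 1' '1 10000 65536'
}

# map_to_host MAPFILE ID: print the host ID behind an in-namespace ID.
# Returns 1 when the ID falls outside every mapped range.
map_to_host() {
    awk -v id="$2" '
        NF == 3 && id + 0 >= $1 + 0 && id + 0 < $1 + $3 {
            print $2 + (id - $1); found = 1; exit
        }
        END { exit (found ? 0 : 1) }' "$1"
}

# map_to_ns MAPFILE ID: print the in-namespace ID for a host ID.
# Returns 1 when the host ID is unmapped; inside the session such IDs
# show up as the overflow ID (65534, "nobody"), as in the `id` output.
map_to_ns() {
    awk -v id="$2" '
        NF == 3 && id + 0 >= $2 + 0 && id + 0 < $2 + $3 {
            print $1 + (id - $2); found = 1; exit
        }
        END { exit (found ? 0 : 1) }' "$1"
}

# Demo on the constructed map. Inside a real session, point MAPFILE at
# /proc/self/uid_map (or gid_map) instead.
map=$(mktemp)
sample_map > "$map"
for id in 0 1 1000 65536 65537; do
    printf 'inside %s -> host %s\n' "$id" \
        "$(map_to_host "$map" "$id" || echo unmapped)"
done
for id in 999 1000 10999; do
    printf 'host %s -> inside %s\n' "$id" \
        "$(map_to_ns "$map" "$id" || echo unmapped)"
done
rm -f "$map"
```
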
## SEE ALSO
podman(1), podman-mount(1), namespaces(7), newuidmap(1), newgidmap(1), user\_namespaces(7)