NAME
nsenter - run program in different namespaces
SYNOPSIS
nsenter [options] [program [arguments]]
DESCRIPTION
The nsenter command executes program in the namespace(s) that are specified in the command-line options (described below). If program is not given, then "${SHELL}" is run (default: /bin/sh).
Enterable namespaces are:
mount namespace
UTS namespace
IPC namespace
network namespace
PID namespace
user namespace
cgroup namespace
time namespace
OPTIONS
Various of the options below that relate to namespaces take an optional file argument. This should be one of the /proc/[pid]/ns/* files described in namespaces(7), or the pathname of a bind mount that was created on one of those files.
-a, --all
The user namespace will be ignored if the same as the caller’s current user namespace. It prevents a caller that has dropped capabilities from regaining those capabilities via a call to setns(). See setns(2) for more details.
-t, --targetPID
/proc/pid/ns/mnt
/proc/pid/ns/uts
/proc/pid/ns/ipc
/proc/pid/ns/net
/proc/pid/ns/pid
/proc/pid/ns/user
/proc/pid/ns/cgroup
/proc/pid/ns/time
/proc/pid/root
/proc/pid/cwd
-m, --mount[=file]
-u, --uts[=file]
-i, --ipc[=file]
-n, --net[=file]
-N, --net-socketfd
-p, --pid[=file]
-U, --user[=file]
--user-parent
-C, --cgroup[=file]
-T, --time[=file]
-G, --setgidgid
-S, --setuiduid
--keep-caps
--preserve-credentials
-r, --root[=directory]
-w, --wd[=directory]
-W, --wdns[=directory]
-e, --env
-F, --no-fork
-Z, --follow-context
-c, --join-cgroup
-h, --help
-V, --version
NOTES
The --user-parent option requires Linux 4.9 or higher, older kernels will raise inappropriate ioctl for device error.
AUTHORS
Eric Biederman <[email protected]>, Karel Zak <[email protected]>
SEE ALSO
clone(2), setns(2), namespaces(7)
REPORTING BUGS
For bug reports, use the issue tracker <https://github.com/util-linux/util-linux/issues>.
AVAILABILITY
The nsenter command is part of the util-linux package which can be downloaded from Linux Kernel Archive <https://www.kernel.org/pub/linux/utils/util-linux/>.