Util for running commands in a separate linux filesystem namespace.
debian
COPYING
Makefile
README.org
separate-ns.c

README.org

What is it

A small util that starts a command in a separate (Linux) filesystem namespace, optionally creating a number of bind mounts in that namespace.

Not unlike the “untie” command.

The goal is to be small and simple, so that making it suid root is not too scary. But that doesn’t mean it is fully secure.

Compiling

$ make
$ sudo make install

Usage

$ separate-ns --bind something=/tmp/myprivate-something --bind other=/tmp/x command arg arg

Configuration

Valid mount points are configured using symlinks in etc/separate-ns. E.g., to allow:

$ separate-ns --bind foo=/tmp/x bash

there must be a symlink in etc/separate-ns named foo, pointing to the actual mountpoint. So if /etc/separate-ns/foo is a symlink to /var/foo, the command would run bash in a separate filesystem namespace that has an extra bind mount at /var/foo pointing to /tmp/x.
