man7.org > Linux > man-pages

Linux/UNIX system programming training

seunshare(8) — Linux manual page

NAME | SYNOPSIS | DESCRIPTION | EXAMPLE | SEE ALSO | AUTHOR | COLOPHON 

SEUNSHARE(8)                  User Commands                  SEUNSHARE(8)

NAME         top

       seunshare - Run cmd with alternate homedir, tmpdir and/or SELinux
       context

SYNOPSIS         top

       seunshare [ -v ] [ -C ] [ -k ] [ -t tmpdir ] [ -h homedir ] [ -Z
       context ] -- executable [args]

DESCRIPTION         top

       Run the executable within the specified context, using custom home
       directory and /tmp directory. The seunshare command unshares from
       the default namespace, then mounts the specified homedir and
       tmpdir over the default homedir and /tmp. Finally it tells the
       kernel to execute the application under the specified SELinux
       context.

       -h homedir
              Alternate homedir to be used by the application. Homedir
              must be owned by the user

       -t tmpdir
              Use alternate temporary directory to mount on /tmp. tmpdir
              must be owned by the user

       -r runuserdir
              Use alternate temporary directory to mount on
              XDG_RUNTIME_DIR (/run/user/$UID). runuserdir must be owned
              by the user

       -C --capabilities
              Allow apps executed within the namespace to use
              capabilities. Default is no capabilities

       -k --kill
              Kill all processes with matching MCS level

       -Z context
              Use alternate SELinux context while running the executable

       -v     Verbose output

EXAMPLE         top

       Run bash with temporary /home and /tmp directory
       # USERHOMEDIR=`mktemp -d /tmp/home.XXXXXX`; USERTEMPDIR=`mktemp -d /tmp/temp.XXXXXX`
       # seunshare -v -h ${USERHOMEDIR} -t ${USERTEMPDIR} -- /bin/bash

SEE ALSO         top

       runcon(1),
              sandbox(8), selinux(8)

AUTHOR         top

       This manual page was written by Dan Walsh <dwalsh@redhat.com> and
       Thomas Liu <tliu@fedoraproject.org>

COLOPHON         top

       This page is part of the selinux (Security-Enhanced Linux user-
       space libraries and tools) project.  Information about the project
       can be found at ⟨https://github.com/SELinuxProject/selinux/wiki⟩.
       If you have a bug report for this manual page, see
       ⟨https://github.com/SELinuxProject/selinux/wiki/Contributing⟩.
       This page was obtained from the project's upstream Git repository
       ⟨https://github.com/SELinuxProject/selinux⟩ on 2025-02-02.  (At
       that time, the date of the most recent commit that was found in
       the repository was 2025-01-29.)  If you discover any rendering
       problems in this HTML version of the page, or you believe there is
       a better or more up-to-date source for the page, or you have
       corrections or improvements to the information in this COLOPHON
       (which is not part of the original manual page), send a mail to
       man-pages@man7.org

seunshare                        May 2010                    SEUNSHARE(8)

Pages that refer to this page: sandbox(8)

HTML rendering created 2025-02-02 by Michael Kerrisk, author of The Linux Programming Interface.

For details of in-depth Linux/UNIX system programming training courses that I teach, look here.

Hosting by jambit GmbH.

Cover of TLPI