NAME

Sys::Linux::Namespace - A Module for setting up linux namespaces

SYNOPSIS

use Sys::Linux::Namespace;

# Create a namespace with a private /tmp
my $ns1 = Sys::Linux::Namespace->new(private_tmp => 1);

$ns1->setup(code => sub {
    # This code has its own completely private /tmp filesystem
    open(my $fh, ">", "/tmp/private") or die "open /tmp/private: $!";
    print $fh "Hello Void";
    close $fh;
});

# The private /tmp has been destroyed and we're back to our previous state

# Let's do it again, but this time with a private PID space too
my $ns2 = Sys::Linux::Namespace->new(private_tmp => 1, private_pid => 1);
$ns2->setup(code => sub {
    # I will only see PID 1.  I can fork anything I want and they will only see me;
    # if I die, they die too.
    use Data::Dumper;
    print Dumper([glob "/proc/*"]);
});
# We're back to our previous global /tmp and PID namespace
# all processes and private filesystems have been removed

# Now let's set up a private /tmp
$ns1->setup();
# We're now permanently (for this process) using a private /tmp.

REQUIREMENTS

This module requires your script to have CAP_SYS_ADMIN, usually by running as root. Without it, setting up the namespaces fails and your program exits.

METHODS

new

Construct a new Sys::Linux::Namespace object. This collects all the options you want to enable, but does not engage them.

All arguments are passed in like a hash.

code

A coderef to run when setting up the namespaces. This gets run in a child process that's isolated from the parent. If you don't pass one in during construction or to setup then the namespace changes will happen to the current process.

private_mount

Set up a private mount namespace. This makes every currently mounted filesystem private to our process, so we can unmount and mount new filesystems without other processes seeing the mounts.

private_tmp

Sets up the private mount namespace as above, but also automatically sets up /tmp to be a clean private tmpfs mount. Takes either a true value, or a hashref with options to pass to the mount syscall. See man 8 mount for a list of possible options.

private_pid

Create a private PID namespace. This requires a code parameter, either to new() or to setup().

private_net

TODO: This is not yet implemented. Once done, it will allow a child process to execute with a private network namespace, preventing communication with the outside. Will require a code parameter to new() or setup().

private_ipc

Create a private IPC namespace.

private_user

Create a new user namespace. See man 7 user_namespaces for more information.

private_uts

Create a new UTS namespace. This will let you safely change the hostname of the system without affecting anyone else.

private_sysvsem

Create a new System V Semaphore namespace. This will let you create new semaphores without anyone else touching them.

setup

Engage the namespaces with all the configured options.

All arguments are passed by name like a hash.

You may pass in a code parameter to run in a child process; this overrides one provided during construction.

Any other parameters are passed through to your coderef if present.
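As an added example (not part of the module's own documentation), a script that combines the options above and then checks from the parent that the child's private /tmp really was torn down. It assumes only the new() and setup() calls documented here, plus, as the SYNOPSIS implies, that /proc inside the child reflects the private PID namespace; the marker file name is constructed for the example.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Sys::Linux::Namespace;

# Added example; assumes the constructor options and setup(code => ...)
# call exactly as documented on this page.
die "needs CAP_SYS_ADMIN (run as root)\n" unless $> == 0;

my $marker = "/tmp/ns-marker.$$";   # constructed probe file name

my $ns = Sys::Linux::Namespace->new(
    private_tmp => 1,   # fresh tmpfs on /tmp; the host's /tmp is untouched
    private_pid => 1,   # child sees itself as PID 1 (requires a code param)
    private_ipc => 1,   # no shared SysV IPC with the host
    private_uts => 1,   # hostname changes stay inside the child
);

$ns->setup(code => sub {
    # Inside the child: /tmp is a new tmpfs, so nothing from the host shows.
    my @entries = glob "/tmp/*";
    print "child: ", scalar(@entries), " entries in /tmp (expect 0)\n";

    open(my $fh, ">", $marker) or die "child: cannot write $marker: $!";
    print $fh "written inside the namespace\n";
    close $fh;

    # Only processes in the private PID namespace are visible here
    # (relies on the SYNOPSIS's claim that /proc shows just PID 1).
    my @pids = map { m{^/proc/(\d+)$} ? $1 : () } glob "/proc/*";
    print "child: my pid=$$, visible pids=@pids\n";
});

# Back in the parent: the private tmpfs died with the child, so the marker
# must not have leaked into the host's /tmp. Treat a leak as a hard error.
die "isolation failed: $marker exists on the host /tmp\n" if -e $marker;
print "parent: private /tmp discarded, marker absent\n";
```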

AUTHOR

Ryan Voots simcop@cpan.org