Run the executable within the specified context, using custom home directory and /tmp directory. The seunshare command unshares from the default namespace, then mounts the specified homedir and tmpdir over the default homedir and /tmp. Finally it tells the kernel to execute the application under the specified SELinux context.
-h homedir Alternate homedir to be used by the application. Homedir must be owned by the user
-t tmpdir Use alternate temporary directory to mount on /tmp. tmpdir must be owned by the user
-r runuserdir Use alternate temporary directory to mount on XDG_RUNTIME_DIR (/run/user/$UID). runuserdir must be owned by the user
-C --capabilities Allow apps executed within the namespace to use capabilities. Default is no capabilities
-k --kill Kill all processes with matching MCS level
-Z context Use alternate SELinux context while running the executable
-v Verbose output
Run bash with temporary /home and /tmp directory # USERHOMEDIR=`mktemp -d /tmp/home.XXXXXX`; USERTEMPDIR=`mktemp -d /tmp/temp.XXXXXX` # seunshare -v -h ${USERHOMEDIR} -t ${USERTEMPDIR} -- /bin/bash"SEE ALSO"runcon(1), sandbox(8), selinux(8)
AUTHORThis manual page was written by Dan Walsh <[email protected]> and Thomas Liu <[email protected]>