@@ -590,6 +590,44 @@ process and user.
590590 See the documentation for :func: `getgroups ` for cases where it may not
591591 return the same group list set by calling setgroups().
592592
593+ .. function :: setns(fd, nstype=0)
594+
595+ Reassociate the current thread with a Linux namespace.
596+ See the :manpage: `setns(2)` and :manpage: `namespaces(7)` man pages for more
597+ details.
598+
599+ If *fd * refers to a :file: `/proc/{ pid } /ns/ ` link, ``setns() `` reassociates the
600+ calling thread with the namespace associated with that link,
601+ and *nstype * may be set to one of the
602+ :ref: `CLONE_NEW* constants <os-unshare-clone-flags >`
603+ to impose constraints on the operation
604+ (``0 `` means no constraints).
605+
606+ Since Linux 5.8, *fd * may refer to a PID file descriptor obtained from
607+ :func: `~os.pidfd_open `. In this case, ``setns() `` reassociates the calling thread
608+ into one or more of the same namespaces as the thread referred to by *fd *.
609+ This is subject to any constraints imposed by *nstype *,
610+ which is a bit mask combining one or more of the
611+ :ref: `CLONE_NEW* constants <os-unshare-clone-flags >`,
612+ e.g. ``setns(fd, os.CLONE_NEWUTS | os.CLONE_NEWPID) ``.
613+ The caller's memberships in unspecified namespaces are left unchanged.
614+
615+ *fd * can be any object with a :meth: `~io.IOBase.fileno ` method, or a raw file descriptor.
616+
617+ This example reassociates the thread with the ``init `` process's network namespace::
618+
619+ fd = os.open("/proc/1/ns/net", os.O_RDONLY)
620+ os.setns(fd, os.CLONE_NEWNET)
621+ os.close(fd)
622+
623+ .. availability :: Linux >= 3.0 with glibc >= 2.14.
624+
625+ .. versionadded :: 3.12
626+
627+ .. seealso ::
628+
629+ The :func: `~os.unshare ` function.
630+
593631.. function :: setpgrp()
594632
595633 Call the system call :c:func: `setpgrp ` or ``setpgrp(0, 0) `` depending on
@@ -756,6 +794,49 @@ process and user.
756794 The function is now always available and is also available on Windows.
757795
758796
797+ .. function :: unshare(flags)
798+
799+ Disassociate parts of the process execution context, and move them into a
800+ newly created namespace.
801+ See the :manpage: `unshare(2)`
802+ man page for more details.
803+ The *flags * argument is a bit mask, combining zero or more of the
804+ :ref: `CLONE_* constants <os-unshare-clone-flags >`,
805+ that specifies which parts of the execution context should be
806+ unshared from their existing associations and moved to a new namespace.
807+ If the *flags * argument is ``0 ``, no changes are made to the calling process's
808+ execution context.
809+
810+ .. availability :: Linux >= 2.6.16.
811+
812+ .. versionadded :: 3.12
813+
814+ .. seealso ::
815+
816+ The :func: `~os.setns ` function.
817+
818+ .. _os-unshare-clone-flags :
819+
820+ Flags to the :func: `unshare ` function, if the implementation supports them.
821+ See :manpage: `unshare(2)` in the Linux manual
822+ for their exact effect and availability.
823+
824+ .. data :: CLONE_FILES
825+ CLONE_FS
826+ CLONE_NEWCGROUP
827+ CLONE_NEWIPC
828+ CLONE_NEWNET
829+ CLONE_NEWNS
830+ CLONE_NEWPID
831+ CLONE_NEWTIME
832+ CLONE_NEWUSER
833+ CLONE_NEWUTS
834+ CLONE_SIGHAND
835+ CLONE_SYSVSEM
836+ CLONE_THREAD
837+ CLONE_VM
838+
839+
759840.. _os-newstreams :
760841
761842File Object Creation
0 commit comments