Rust Unshare
============

*Status:* 90% feature-complete, works in production in [lithos][1] and powers [vagga][2]

[Github](https://github.com/tailhook/unshare) |
[Documentation](http://docs.rs/unshare) |
[Crate](https://crates.io/crates/unshare)

Unshare is a low-level library to create Linux containers.

It contains the following:

* Process creation interface similar to `std::process::Command`
* Unsharing arbitrary Linux namespaces
* Ability to change root (`chroot/pivot_root`), `uid`, `gid`, `gid_map`
* Some signal mask handling (especially for new processes)
* Forwarding file descriptors and other unixy stuff (sessions, terminals)
* Setting a few important prctl flags (`PR_SET_PDEATHSIG`)
* Runs both as root user and as unprivileged user

Not implemented yet:

* Fine-grained capabilities control (currently you may change user or use user namespaces)

The following is considered:

* Capture input (should be, because it is part of the `std::process` interface)
* Pseudo tty creation for child
* The `unshare` and `setns`

The following is out of scope:

* mounting file systems
* setting up network
* in-container and out of container supervision
* handling child signals

[1]: http://lithos.readthedocs.org
[2]: http://vagga.readthedocs.org

License
=======

Licensed under either of

* Apache License, Version 2.0, (./LICENSE-APACHE or http://www.apache.org/licenses/LICENSE-2.0)
* MIT license (./LICENSE-MIT or http://opensource.org/licenses/MIT)

at your option.

Contribution
------------

Unless you explicitly state otherwise, any contribution intentionally submitted
for inclusion in the work by you, as defined in the Apache-2.0 license, shall be
dual licensed as above, without any additional terms or conditions.