NSENTER(1) NSENTER(1) nsenter - nsenter [] [ []] nsenter , ( ). , <<${SHELL}>> (, /bin/sh). : mount namespace , , ( mount --make-shared; . /proc/self/mountinfo shared). , . mount_namespaces(7) CLONE_NEWNS clone(2). UTS namespace . , . uts_namespaces(7). IPC namespace POSIX, System V, '. , ipc_namespaces(7). network namespace IPv4 IPv6, IP-, , /proc/net /sys/class/net, . , . network_namespaces(7). PID namespace PID ' nsenter. nsenter, , PID, , PID, . --no-fork, exec . , pid_namespaces(7). user namespace UID, GID . , user_namespaces(7). cgroup namespace /proc/self/cgroup cgroup cgroup . , cgroup_namespaces(7). time namespace CLOCK_MONOTONIC / CLOCK_BOOTTIME, /proc/self/timens_offsets. , time_namespaces(7). , , , , . /proc/[pid]/ns/*, namespaces(7), ', . -a, --all /proc/[pid]/ns/*. (, --all --mount=[]). , . , setns(). . setns(2), . -t, --target PID . , pid, : /proc/pid/ns/mnt /proc/pid/ns/uts UTS /proc/pid/ns/ipc IPC /proc/pid/ns/net /proc/pid/ns/pid PID /proc/pid/ns/user /proc/pid/ns/cgroup cgroup /proc/pid/ns/time /proc/pid/root /proc/pid/cwd -m, --mount[=] mount. , mount . , mount, . -u, --uts[=] UTS. , UTS . , UTS, . -i, --ipc[=] IPC. , IPC . , IPC, . -n, --net[=] . , . , , . -N, --net-socket Enter the network namespace of the target process's socket. It requires --target process specified. Supported since Linux 5.6. -p, --pid[=] PID. , PID . , PID, . -U, --user[=] . , . , , . . --setuid --setgid. --user-parent Enter the parent user namespace. Parent user namespace will be acquired from any other enabled namespace. If combined with --user option the parent user namespace will be fetched from the user namespace and replace it. -C, --cgroup[=] cgroup. , cgroup . , cgroup, . -T, --time[=] time. , time . , time, . -G, --setgid gid , , , . nsenter , 0. "follow", GID . -S, --setuid uid , , . nsenter , 0. "follow", GID . --keep-caps When the --user option is given, ensure that capabilities granted in the user namespace are preserved in the child process. --preserve-credentials UID GID . GID UID 0. -r, --root[=] . , . , . , . -w, --wd[=] . , . , . . , <<>> . . --wdns. -W, --wdns[=] . chroot(2). --wd --wdns . -e, --env Pass environment variables from the target process to the new process being created. If this option is not provided, the environment variables will remain the same as in the current namespace.. -F, --no-fork exec . , PID nsenter fork exec, , - PID, . -Z, --follow-context SELinux, , PID --target. (util-linux SELinux, .) -c, --join-cgroup Add the initiated process to the cgroup of the target process. -h, --help . -V, --version . The --user-parent option requires Linux 4.9 or higher, older kernels will raise inappropriate ioctl for device error. Eric Biederman , Karel Zak clone(2), setns(2), namespaces(7) nsenter util-linux, Linux . util-linux 2.41 2025-03-29 NSENTER(1)