.\" Automatically generated by Pandoc 3.1.3
.\"
.\" Define V font for inline verbatim, using C font in formats
.\" that render this, and otherwise B font.
.ie "\f[CB]x\f[]"x" \{\
. ftr V B
. ftr VI BI
. ftr VB B
. ftr VBI BI
.\}
.el \{\
. ftr V CR
. ftr VI CI
. ftr VB CB
. ftr VBI CBI
.\}
.TH "RPM-UNSHARE" "8" "15 Sep 2023" "" ""
.hy
.SH NAME
.PP
rpm-plugin-unshare - Unshare plugin for the RPM Package Manager
.SH Description
.PP
This plugin allows using various Linux-specific namespace-related
technologies inside transactions, such as to harden and limit scriptlet
access to resources.
.SH Configuration
.PP
This plugin implements the following configurables:
.TP
\f[V]%__transaction_unshare_paths\f[R]
A colon-separated list of paths to privately mount during scriptlet
execution.
Typical examples would be \f[V]/tmp\f[R] to protect against insecure
temporary file usage inside scriptlets, and \f[V]/home\f[R] to prevent
scriptlets from accessing user home directories.
.TP
\f[V]%__transaction_unshare_nonet\f[R]
Non-zero value disables network access during scriptlet execution.
.PP
See \f[B]rpm-plugins\f[R](8) on how to control plugins in general.
.SH SEE ALSO
.PP
\f[B]dbus-monitor\f[R](1), \f[B]rpm-plugins\f[R](8)