.\" Generated by scdoc 1.11.4
.\" Complete documentation for this program is not available as a GNU info page
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.nh
.ad l
.\" Begin generated content:
.TH "RPM-PLUGIN-UNSHARE" "8" "2026-01-08" "RPM 6.0.1"
.PP
.SH NAME
.PP
rpm-plugin-unshare - Unshare plugin for the RPM Package Manager
.PP
.SH DESCRIPTION
.PP
This plugin allows using various Linux-specific namespace-related
technologies inside transactions, such as to harden and limit
scriptlet access to resources.\&
.PP
.SH CONFIGURATION
.PP
This plugin implements the following configurables:
.PP
%__transaction_unshare_paths
.PP
.RS 4
A colon-separated list of paths to privately mount during scriptlet
execution.\& Typical examples would be `/tmp` to protect against
insecure temporary file usage inside scriptlets, and `/home` to
prevent scriptlets from accessing user home directories.\&
When path unsharing is enabled, any mounts made from scriptlets
are also private to the scriptlet (and vice versa, mount changes
on the host are not visible to the scriptlet).\&
.PP
Private mounts in chroot-operations is unimplemented.\&
.PP
.RE
%__transaction_unshare_nonet
.PP
.RS 4
Non-zero value disables network access during scriptlet execution.\&
.PP
.RE
See \fBrpm-plugins\fR(8) on how to control plugins in general.\&
.PP
.SH SEE ALSO
.PP
\fBdbus-monitor\fR(1), \fBrpm-plugins\fR(8)