NAME
    Sys::Linux::Namespace - A module for setting up Linux namespaces

SYNOPSIS
        use Sys::Linux::Namespace;
    
        # Create a namespace with a private /tmp
        my $ns1 = Sys::Linux::Namespace->new(private_tmp => 1);
    
        $ns1->setup(code => sub {
            # This code has its own completely private /tmp filesystem
            # Open for writing; the file exists only inside the private tmpfs
            open(my $fh, ">", "/tmp/private") or die "open: $!";
            print $fh "Hello Void";
        });
    
        # The private /tmp has been destroyed and we're back to our previous state
    
        # Let's do it again, but this time with a private PID space too
        my $ns2 = Sys::Linux::Namespace->new(private_tmp => 1, private_pid => 1);
        $ns2->setup(code => sub {
            # I will only see PID 1. I can fork anything I want and they will only see me.
            # If I die, they die too.
            use Data::Dumper;
            print Dumper([glob "/proc/*"]);
        });
        # We're back to our previous global /tmp and PID namespace
        # all processes and private filesystems have been removed
    
        # Now let's set up a private /tmp 
        $ns1->setup();
        # We're now permanently (for this process) using a private /tmp.

REQUIREMENTS
    This module requires your script to have CAP_SYS_ADMIN, usually by
    running as "root". Without that it will fail to set up the namespaces
    and cause your program to exit.
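
    As an added example (not part of the module's own documentation), a
    pre-flight check for this requirement: it reads CapEff from
    /proc/self/status and calls setup() only when CAP_SYS_ADMIN is in the
    effective set. The helper name has_capability, the sample status texts
    and the path /tmp/scratch are assumptions made for illustration.

```perl
use strict;
use warnings;
use Sys::Linux::Namespace;

# Bit number of CAP_SYS_ADMIN in <linux/capability.h>.
use constant CAP_SYS_ADMIN => 21;

# Hypothetical helper (not provided by the module): true if the CapEff
# line of a /proc/<pid>/status text has bit $bit set. The 64-bit hex mask
# is split into two 32-bit halves so this also works on a perl built
# without 64-bit integers.
sub has_capability {
    my ($status_text, $bit) = @_;
    my ($hex) = $status_text =~ /^CapEff:\s*([0-9a-fA-F]{1,16})\s*$/m;
    return 0 unless defined $hex;
    $hex = ('0' x (16 - length $hex)) . $hex;
    my ($high, $low) = (hex(substr($hex, 0, 8)), hex(substr($hex, 8, 8)));
    return $bit < 32 ? (($low >> $bit) & 1) : (($high >> ($bit - 32)) & 1);
}

# Constructed sample status texts (not captured from a real system).
my %sample = (
    unprivileged => "Name:\tperl\nCapEff:\t0000000000000000\n",
    full_set     => "Name:\tperl\nCapEff:\t000001ffffffffff\n",
);
for my $name (sort keys %sample) {
    my $state = has_capability($sample{$name}, CAP_SYS_ADMIN) ? "present" : "missing";
    print "$name sample: CAP_SYS_ADMIN $state\n";
}

# The real check for the current process.
open(my $fh, '<', '/proc/self/status')
    or die "cannot read /proc/self/status: $!\n";
my $status = do { local $/; <$fh> };
close($fh);

die "CAP_SYS_ADMIN is not in the effective set; not calling setup()\n"
    unless has_capability($status, CAP_SYS_ADMIN);

# Only options documented under METHODS are used here.
my $ns = Sys::Linux::Namespace->new(private_tmp => 1, private_pid => 1);
$ns->setup(code => sub {
    open(my $out, '>', '/tmp/scratch') or die "open /tmp/scratch: $!\n";
    print {$out} "visible only inside this namespace\n";
    close($out);
});

# Back in the parent: the file was written to the child's private tmpfs.
print "parent sees /tmp/scratch: ", (-e '/tmp/scratch' ? "yes" : "no"), "\n";
```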

METHODS
  "new"
    Construct a new Sys::Linux::Namespace object. This collects all the
    options you want to enable, but does not engage them.

    All arguments are passed in like a hash.

    code
     A coderef to run when setting up the namespaces. This gets run in a
     child process that's isolated from the parent. If you don't pass one in
     during construction or to "setup" then the namespace changes will
     happen to the current process.

    private_mount
     Set up a private mount namespace. This makes every currently mounted
     filesystem private to our process, so we can unmount and mount new
     filesystems without other processes seeing the mounts.

    private_tmp
     Sets up the private mount namespace as above, but also automatically
     sets up /tmp to be a clean private tmpfs mount. Takes either a true
     value, or a hashref with options to pass to the mount syscall. See "man
     8 mount" for a list of possible options.

    private_pid
     Create a private PID namespace. This requires a "code" parameter either
     to "new()" or to "setup()".

    private_net
     TODO: This is not yet implemented. Once done, however, it will allow a
     child process to execute with a private network, preventing
     communication. Will require a "code" parameter to "new()" or "setup()".

    private_ipc
     Create a private IPC namespace.

    private_user
     Create a new user namespace. See "man 7 user_namespaces" for more
     information.

    private_uts
     Create a new UTS namespace. This will let you safely change the
     hostname of the system without affecting anyone else.

    private_sysvsem
     Create a new System V Semaphore namespace. This will let you create new
     semaphores without anyone else touching them.

  "setup"
    Engage the namespaces with all the configured options.

    All arguments are passed by name like a hash.

    You may pass in a "code" parameter to run in a child process. This
    overrides one provided during construction.

    Any other parameters are passed through to your coderef if present.

AUTHOR
    Ryan Voots <simcop@cpan.org>