Namespace-Magic

Revision as of 13:43, 25 February 2019

Linux namespaces have been around for a long time, yet they still feel like magic. This page was started in 2019 to collect the tricks that make the magic work; as time passes they may stop being magic, or even become obsolete. An early attempt in Libreswan, with Paul: https://github.com/libreswan/libreswan/commit/16a97349952373734e41d9185d6b7c84b20d858c#diff-4f87e254860291fdfb0a76d4d2ea7f73
FAQ

* How to detect, from the inside, that you are in a network namespace?

One way is to look at the interface names. Inside a namespace the veth end shows up with a peer suffix, e.g. "eth1@if107", whereas on a KVM guest the interface is a plain "eth0:":

<pre>
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 52:54:00:9e:81:71 brd ff:ff:ff:ff:ff:ff
</pre>

* How to find, from the host, a veth's peer inside a namespace? Look for "link-netns".

On the host, "ip link" output:

<pre>
107: hweste164512@if106: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master brswan12-64512 state UP mode DEFAULT group default qlen 1000
    link/ether 4a:34:cd:0e:0c:13 brd ff:ff:ff:ff:ff:ff link-netns west-ikev2-03-basic-rawrsa
</pre>

From inside the namespace:

<pre>
106: eth1@if107: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
    link/ether 02:10:c8:8e:d2:7e brd ff:ff:ff:ff:ff:ff link-netnsid 0
</pre>

From the host you get the namespace name ("link-netns west-ikev2-03-basic-rawrsa") and exactly which interface it is: "ip link" shows "106: eth1@if107" inside and "107: hweste164512@if106" on the host, i.e. the number after "@if" is the ifindex of the peer on the other side.
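The pairing rule above (the "@ifN" suffix names the peer's ifindex, and "link-netns" on the next line names the peer's namespace) is easy to apply by hand for two interfaces and tedious for a test farm with dozens. The script below is an added example, not code from this wiki or from Libreswan: it parses plain "ip link" output, pairs a host veth with its namespace end, and extracts the link-netns name. The two listings are constructed from the lines quoted above; in_own_netns() is a live check that assumes you are root and that no PID namespace was entered (as with the page's nsenter --mount/--net/--uts usage).

```shell
#!/bin/sh
# Added example (not code from the Libreswan wiki): pair a veth end with its
# peer from plain "ip link" output. "<idx>: <name>@if<N>" means this
# interface's peer has ifindex N; "link-netns <name>" on the following line
# names the peer's namespace (printed only when the peer is in another,
# named netns).

# Constructed listings, built from the lines quoted on the page.
HOST_IPLINK='107: hweste164512@if106: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master brswan12-64512 state UP mode DEFAULT group default qlen 1000
    link/ether 4a:34:cd:0e:0c:13 brd ff:ff:ff:ff:ff:ff link-netns west-ikev2-03-basic-rawrsa'

NS_IPLINK='2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 52:54:00:9e:81:71 brd ff:ff:ff:ff:ff:ff
106: eth1@if107: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
    link/ether 02:10:c8:8e:d2:7e brd ff:ff:ff:ff:ff:ff link-netnsid 0'

# iface_info LISTING IFNAME
# Prints "ifindex peer_ifindex link_netns" for IFNAME, nothing if absent.
# peer_ifindex is "-" when the name has no @ifN suffix (no peer elsewhere);
# link_netns is "-" when ip printed no link-netns word for it.
iface_info() {
    printf '%s\n' "$1" | awk -v want="$2" '
        /^[0-9]+: / {
            idx = $1; sub(/:$/, "", idx)
            name = $2; sub(/:$/, "", name)
            peer = "-"
            if (name ~ /@if[0-9]+$/) { split(name, a, "@if"); name = a[1]; peer = a[2] }
            cur = name; info[cur] = idx " " peer; netns[cur] = "-"
            next
        }
        cur != "" {
            for (i = 1; i < NF; i++) if ($i == "link-netns") netns[cur] = $(i + 1)
        }
        END { if (want in info) print info[want], netns[want] }'
}

# peer_netns LISTING IFNAME: only the namespace the peer lives in, or "-".
peer_netns() {
    r=$(iface_info "$1" "$2"); [ -n "$r" ] || return 1
    printf '%s\n' "${r##* }"
}

# is_veth_pair HOST_LISTING HOST_IF NS_LISTING NS_IF
# True when the two names are the two ends of one veth: each end's @ifN
# must equal the other end's ifindex.
is_veth_pair() {
    h=$(iface_info "$1" "$2"); n=$(iface_info "$3" "$4")
    [ -n "$h" ] && [ -n "$n" ] || return 1
    h_idx=${h%% *}; h_peer=${h#* }; h_peer=${h_peer%% *}
    n_idx=${n%% *}; n_peer=${n#* }; n_peer=${n_peer%% *}
    [ "$h_peer" = "$n_idx" ] && [ "$n_peer" = "$h_idx" ]
}

# Live check from inside: is this shell's net namespace different from PID 1's?
# Needs root (reading /proc/1/ns/net requires ptrace access to PID 1) and
# only means something when no PID namespace was entered. Returns 2 if unknown.
in_own_netns() {
    init_ns=$(readlink /proc/1/ns/net 2>/dev/null) || return 2
    [ "$(readlink /proc/self/ns/net)" != "$init_ns" ]
}

# Standalone run over the constructed listings.
if is_veth_pair "$HOST_IPLINK" hweste164512 "$NS_IPLINK" eth1; then
    echo "host hweste164512 <-> namespace eth1, peer netns $(peer_netns "$HOST_IPLINK" hweste164512)"
fi
```

If an older iproute2 prints no "link-netns" word, the peer ifindex is still available from the veth driver itself: ethtool -S on the veth end reports a peer_ifindex counter, which you can match against the ifindex column of "ip link" in each candidate namespace.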
iptables needs the -w option

Without -w, an iptables call made through nsenter fails outright if another process is holding the xtables lock at that moment:

<pre>
sudo /usr/bin/nsenter --mount=/run/mountns/west-nstest-4 --net=/run/netns/west-nstest-4 --uts=/run/utsns/west-nstest-4 /bin/bash -c 'cd /testing/pluto/nstest-4;iptables -I INPUT -m policy --dir in --pol ipsec -j ACCEPT '
Another app is currently holding the xtables lock. Perhaps you want to use the -w option?
</pre>
Would this work on foo 7 / CentOS 7? Not yet: its util-linux is too old.

There, unshare and/or nsenter do not support the --mount[=file] option. Newer util-linux seems to have the relevant options.

Fedora 28:

<pre>
unshare -V
unshare from util-linux 2.32.1

-m, --mount[=file]
    Unshare the mount namespace. If file is specified, then a persistent namespace is created by a bind mount
</pre>

The old one, foo 7:

<pre>
unshare -V
unshare from util-linux 2.23.2

-m, --mount
    Unshare the mount namespace.
</pre>
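Both failures above (iptables losing the race for the xtables lock, and a util-linux whose unshare/nsenter lack --mount[=file]) are things a test wrapper should check up front rather than discover mid-run. The script below is an added example, not code from this wiki or from Libreswan: it feature-probes the installed unshare for "--mount[=file]" instead of guessing from the distribution, parses the "unshare -V" string, and builds the page's nsenter invocation with "-w" added. The help-text fragments are constructed; the /run/mountns, /run/netns and /run/utsns paths are taken from the page's command; the version threshold is deliberately left as a parameter, since the page does not say which release first added the option.

```shell
#!/bin/sh
# Added example, not code from the Libreswan wiki. Two checks around the
# nsenter/iptables invocation quoted on the page:
#  1. feature-probe util-linux for "--mount[=file]" instead of guessing from
#     the distribution (the page shows 2.23.2 lacks it and 2.32.1 has it);
#  2. always pass "-w" to iptables so it waits for the xtables lock instead
#     of failing with "Another app is currently holding the xtables lock".

# Constructed fragments in the shape of "unshare --help" output, one per
# version quoted on the page.
HELP_NEW=' -m, --mount[=<file>]      unshare mounts namespace'
HELP_OLD=' -m, --mount               unshare mounts namespace'

# supports_mount_file TEXT: true if TEXT advertises --mount[=file].
supports_mount_file() {
    printf '%s\n' "$1" | grep -q -- '--mount\[='
}

# probe_mount_file unshare|nsenter: run the installed binary's --help through
# the check above. The result depends on the host, so nothing asserts on it.
probe_mount_file() {
    supports_mount_file "$("$1" --help 2>&1)"
}

# util_linux_version "unshare from util-linux 2.32.1" -> 2.32.1
util_linux_version() {
    printf '%s\n' "$1" | sed -n 's/.*util-linux \([0-9][0-9.]*\).*/\1/p'
}

# version_ge A B: true if dotted version A >= B (numeric per field).
# The page does not say which util-linux release first grew --mount[=file],
# so prefer probe_mount_file; use this only when no help text is available.
version_ge() {
    [ "$(printf '%s\n%s\n' "$2" "$1" | sort -t . -k1,1n -k2,2n -k3,3n | head -n 1)" = "$2" ]
}

# ns_iptables_cmd NSNAME IPTABLES-ARGS...: the page's nsenter command with
# "-w" added. Assumes the page's /run/{mountns,netns,utsns}/NSNAME layout.
# Printed rather than executed so it can be reviewed first; run the printed
# line as root to apply it.
ns_iptables_cmd() {
    ns=$1; shift
    printf 'nsenter --mount=/run/mountns/%s --net=/run/netns/%s --uts=/run/utsns/%s iptables -w %s\n' \
        "$ns" "$ns" "$ns" "$*"
}

# Standalone run: report what the installed unshare supports.
if probe_mount_file unshare; then
    echo "unshare supports --mount=FILE (persistent mount namespace via bind mount)"
else
    echo "unshare lacks --mount=FILE; enter a long-lived process with nsenter -t PID instead"
fi
```

On iptables builds that accept it, "-w" may also take a timeout in seconds so a wedged lock holder does not block the test forever; without a timeout the call waits indefinitely.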