Search code examples
dockerkubernetesnamespacesnetwork-programminglinux-namespaces

How do `ip netns` and `unshare` save their persistent network namespaces? Can they use each others?


To make a persistent namespace with unshare you use the syntax:

touch /root/mynetns1
unshare --net==/root/mynetns1

To make a persistent namespace with ip you use the syntax:

ip netns add mynetns2

The ip command does not list or can access the namespace made by unshare and vice versa.

The ip command is much better at customizing a network namespace, but the unshare command allows you to launch a program with multiple different namespaces. Ideally I would create a namespace with ip, but launch the command with other namespaces with unshare. To do this unshare would need to be able to reference the namespace created by ip, how can this be done?

Right now I am using ip netns exec mynetns1 unshare [other namespaces] ... as a hack, but id prefer launch more cleanly with unshare.

I'd also like to be able to have my program possible interact with network namespaces they individually create, so information regarding how to list and access their network namespaces would also be helpful.


Solution

  • Both unshare --net=/somefile and ip netns add somename create a new network namespace and bind-mount it to somewhere. The only difference is that unshare bind-mounts it to whatever file you specify, and ip bind-mounts it to a new file in /var/run/netns/. In other words, if you used /var/run/netns/mynetns1 in place of /root/mynetns1, then you could later interact with it with ip.