Stack Overflow
Stack Overflow

Questions tagged [linux-namespaces]

For questions regarding Linux kernel's namespaces mechanism.

143 questions
71
votes
4 answers

docker networking namespace not visible in ip netns list

When I create a new docker container like with docker run -it -m 560m --cpuset-cpus=1,2 ubuntu sleep 120 and check its namespaces, I can see that new namespaces have been created (example for pid 7047). root@dude2:~# ls /proc/7047/ns -la total…
christian
  • 9,412
  • 10
  • 41
  • 51
52
votes
3 answers

Difference between KVM and LXC

What is the difference between KVM and Linux Containers (LXCs)? To me it seems, that LXC is also a way of creating multiple VMs within the same kernel if we use both "namespaces" and "control groups" features of kernel.
JuliandotNut
  • 1,169
  • 1
  • 12
  • 22
39
votes
2 answers

unshare --pid /bin/bash - fork cannot allocate memory

I'm experimenting with linux namespaces. Specifically the pid namespace. I thought I'd test something out with bash but run into this problem: unshare -p /bin/bash bash: fork: Cannot allocate memory Running ls from there gave a core dump. Exit is…
hookenz
  • 36,432
  • 45
  • 177
  • 286
26
votes
2 answers

Linux - understanding the mount namespace & clone CLONE_NEWNS flag

I am reading the mount & clone man page. I want to clarify how CLONE_NEWNS effects the view of file system for the child process. (File hierarchy) Lets consider this tree to be the directory hierarchy. Lets says 5 & 6 are mount points in the…
Jake
  • 16,329
  • 50
  • 126
  • 202
20
votes
4 answers

'unshare' does not work as expected in C api

This sequence of commands works: unshare --fork --pid --mount umount /proc mount -t proc proc /proc umount /dev/pts mount -t devpts devpts /dev/pts However, the corresponding C program does not work as expected (it seems it does not unmount the…
ocirocir
  • 3,543
  • 2
  • 24
  • 34
20
votes
2 answers

How to create multiple network namespace from a single process instance

I am using following C function to create multiple network namespaces from a single process instance: void create_namespace(const char *ns_name) { char ns_path[100]; snprintf(ns_path, 100, "%s/%s", "/var/run/netns", ns_name); …
user389238
  • 1,656
  • 3
  • 19
  • 40
14
votes
1 answer

How can dhclient be made namespace aware?

I am using namespaces to separate a few physical interfaces on a server. The routing works perfectly. Also I have a folder for each namespace in /etc/netns/ e.g. /etc/netns/namespaceA/resolv.conf so that DNS works fine as well. The problem arises…
Jimmy88
  • 283
  • 3
  • 7
12
votes
3 answers

Why Does Podman Report "Not enough IDs available in namespace" with different UIDs?

Facts: Rootless podman works perfectly for uid 1480 Rootless podman fails for uid 2088 CentOS 7 Kernel 3.10.0-1062.1.2.el7.x86_64 podman version 1.4.4 Almost the entire environment has been removed between the two The filesystem for /tmp is xfs The…
Rob Paisley
  • 437
  • 1
  • 3
  • 13
11
votes
1 answer

How to list all network links in all namespaces in Linux

As I know, in a Linux shell environment, I could list the networks links in any specific namespace with ip, like: ip netns exec ip link show My question is: If I have multiple net namespaces, how to list all the links in all the…
Qiu Yangfan
  • 871
  • 11
  • 25
10
votes
3 answers

How to check if Linux user namespaces are supported by current OS kernel

After doing some reading, I found that Linux user namespaces are generally supported in Linux versions >= 3.8. However, there's a possibility that user namespaces are disabled on a given OS, making the check for kernel versions unreliable. Is there…
Jonathan Ng
  • 101
  • 1
  • 1
  • 3
10
votes
1 answer

grantpt report error after unshare

I have a small program, which tries to create a pseudoterminal after unshare. the output is: uid before unshare:5000 uid after unshare:0 Grant pt Error: : Permission denied The Code: #define _GNU_SOURCE #include #include…
Sven
  • 103
  • 4
9
votes
1 answer

Propagate a mount from child namespace to the parent namespace?

How do I propagate a mount created in a child namespace to the parent? Details I am trying to create a tool leveraging overlayfs for allowing writes over a read only directory. The tricky bit is that I would like any user to be able to use it…
Brandon Ogle
  • 715
  • 1
  • 8
  • 23
8
votes
3 answers

Anti-virus in docker container - does fanotify works between host and container?

I need to implement anti-virus on-access scanning solution for files inside docker containers using open-source software. Clamav On-Access works fine but have some requirements and limitations: require CAP_SYS_ADMIN capability for working inside a…
mva
  • 384
  • 1
  • 5
  • 12
8
votes
1 answer

Why unshare(CLONE_NEWNET) requires CAP_SYS_ADMIN?

I'm playing with linux namespaces and I've noticed that if a user wants to execute a process in a new network namespace (without using user namespaces) he needs to be root or have the CAP_SYS_ADMIN capability. The unshare(2) manpage…
SpectralWave
  • 971
  • 9
  • 18
6
votes
1 answer

How do `ip netns` and `unshare` save their persistent network namespaces? Can they use each others?

To make a persistent namespace with unshare you use the syntax: touch /root/mynetns1 unshare --net==/root/mynetns1 To make a persistent namespace with ip you use the syntax: ip netns add mynetns2 The ip command does not list or can access the…
Liam Kelly
  • 3,524
  • 1
  • 17
  • 41
1
2 3
9 10