To make a persistent namespace with unshare you use the syntax:
touch /root/mynetns1
unshare --net=/root/mynetns1
To make a persistent namespace with ip you use the syntax:
ip netns add mynetns2
The ip command does not list and cannot access the namespace made by unshare, and vice versa.
The ip command is much better at customizing a network namespace, but the unshare command allows you to launch a program with multiple different namespaces. Ideally I would create a namespace with ip, but launch the command with other namespaces with unshare. To do this unshare would need to be able to reference the namespace created by ip. How can this be done?
Right now I am using ip netns exec mynetns1 unshare [other namespaces] ... as a hack, but I'd prefer to launch more cleanly with unshare.
I'd also like to be able to have my programs possibly interact with network namespaces they individually create, so information regarding how to list and access their network namespaces would also be helpful.
CodePudding user response:
Both unshare --net=/somefile and ip netns add somename create a new network namespace and bind-mount it to somewhere. The only difference is that unshare bind-mounts it to whatever file you specify, and ip bind-mounts it to a new file in /var/run/netns/. In other words, if you used /var/run/netns/mynetns1 in place of /root/mynetns1, then you could later interact with it with ip.
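
The bind mounts described in the answer above can be listed from /proc/self/mountinfo, where each one appears as an nsfs entry whose root field is net:[inode]. The script below is an added example, not part of the original post; the function names, the "ip-visible"/"path-only" labels and the sample mountinfo lines are constructed for illustration.

```shell
#!/bin/sh
# List bind-mounted network namespaces found in a mountinfo file.
# mountinfo fields (proc(5)): $4 = root within the filesystem, $5 = mount
# point; the filesystem type follows the "-" separator ("nsfs" for namespaces).
# Pass a file name, or "-" to read standard input.
list_netns_mounts() {
    awk '
    {
        fstype = ""
        for (i = 7; i < NF; i++) if ($i == "-") { fstype = $(i + 1); break }
        if (fstype != "nsfs" || $4 !~ /^net:\[[0-9]+\]$/) next
        if (seen[$5]++) next   # the same mount point can be listed twice
        # ip only looks in its own directory; /var/run is usually a symlink
        # to /run, so mountinfo shows the /run/netns form.
        tool = ($5 ~ "^(/var)?/run/netns/[^/]+$") ? "ip-visible" : "path-only"
        print $4, $5, tool
    }' "${1:-/proc/self/mountinfo}"
}

# Constructed sample: one namespace made with "ip netns add mynetns2", one
# made with "unshare --net=/root/mynetns1", and an unrelated mount namespace.
sample_mountinfo() {
    cat <<'EOF'
24 1 8:1 / / rw,relatime shared:1 - ext4 /dev/sda1 rw
180 24 0:23 /netns /run/netns rw,nosuid shared:90 - tmpfs tmpfs rw
181 180 0:4 net:[4026532281] /run/netns/mynetns2 rw shared:91 - nsfs nsfs rw
182 24 0:4 net:[4026532281] /run/netns/mynetns2 rw shared:91 - nsfs nsfs rw
183 24 0:4 net:[4026532340] /root/mynetns1 rw shared:92 - nsfs nsfs rw
184 24 0:4 mnt:[4026532400] /root/mymntns rw - nsfs nsfs rw
EOF
}

# Demo on the constructed sample; call list_netns_mounts with no argument
# to inspect the running system instead.
sample_mountinfo | list_netns_mounts -
```

Any path in the second column can be handed to nsenter --net=PATH (util-linux) to run a command inside that namespace, whichever tool created it.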