Questions tagged [namespace]
Questions relating to Linux namespaces, including commands such as: unshare and ip netns. Namespaces support isolation of filesystems, system names, IPC, processes, networks, and users. Closely related to the docker and lxc tags; use those tags instead of this one if you are simply using docker or lxc to implement namespaces.
314 questions
1 vote
1 answer
83 views
How to run tmux session under network namespace
If there are no sessions (e.g. tmux a returns "no sessions"), a call to start tmux under a namespace (e.g. sudo ip netns exec ns1 tmux new -s test) will have the shells within (even newly spawned ...
0 votes
1 answer
77 views
CONFIG_NAMESPACES, CONFIG_USER_NS, and user.max_*_namespaces
I once asked how Linux namespaces could be disabled without recompiling. One of the comments asked if I meant without building with CONFIG_USER_NS=n and the answer my question received said to set to ...
1 vote
1 answer
100 views
Process can't create tun/tap when run as non-root systemd --user service even with CAP_NET_ADMIN
I'm trying to run nebula (an overlay networking tool) as a systemd user service, NOT as a system service with user and group defined in the unit file. All examples about running a service with ...
3 votes
1 answer
199 views
How to view the ID mapping of a mount on Linux?
For a while, Linux has been supporting ID-mapped mounts. The mount(1) manpage tells us that these can be set up using the X-mount.idmap option. But how can we view the ID mapping of an existing mount? ...
0 votes
0 answers
43 views
Cross-namespace mounts from A to B when all processes leave A
Suppose mount namespace A looks like / lower/ overlay/ upper/ work/ and we run mount -o upperdir=/upper,lowerdir=/lower,workdir=/work -t overlay overlay /overlay and we copy the mount at /...
1 vote
0 answers
44 views
Linux mount namespaces - umount event propagates unexpectedly
I was reading about mount namespaces and encountered something that seemed odd to me. I'm using Ubuntu 22.04. I have a USB device connected to my machine: ubuntu@ubuntu-2204:/media/ubuntu$ cat /proc/...
2 votes
1 answer
219 views
How does a cgroup namespace work?
I’m trying to understand how cgroup namespaces work, but I’m stuck on something that doesn’t make sense to me. My understanding is that a cgroup namespace should virtualize the cgroup hierarchy for a ...
2 votes
1 answer
104 views
How to enable internet access for a bridge inside a Linux network namespace?
I've created two Linux network namespaces (ns1 and ns2), and inside each, I have: A bridge (ns1-br0, ns2-br0); A TAP device (tap0, tap1) connected to the respective bridge; Each TAP device gets an IP ...
0 votes
0 answers
71 views
Bridging containers to external VLAN
I have a physical network with several VLANs. One of my computers (my main workstation) is connected to two different VLANs on this network, one tagged, the other not. I have successfully set this ...
1 vote
1 answer
88 views
How can I bind-mount a file into an existing directory tree inside a fresh user/mount namespace?
I would like to use unshare to create a new unprivileged user/mount namespace, with the goal of making a specific file appear at a specific location inside the child namespace. For example, assume ...
0 votes
0 answers
51 views
Unexpected network namespace inode when accessing /var/run/netns/ from pod in host network namespace
I'm running a Kubernetes cluster with RKE2 v1.30.5+rke2r1 on Linux nixos 6.6.56 amd64, using Cilium CNI. Here's the setup: I have two pods (yaml manifests at the bottom): Pod A (xfrm-pod) is running ...
-1 votes
3 answers
504 views
Is User Namespaces a security vulnerability and is it logical to disable in sysctl.conf?
A security rule of "RHEL 8 must disable the use of user namespaces." states Discussion: It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements ...
2 votes
1 answer
189 views
Mapping two users to host with user namespaces
I'm trying to understand whether it's possible to map two users from a user namespace to two different users on the host. The goal is to replicate the same permissions I have on my host inside a ...
0 votes
0 answers
83 views
How to modify a mount namespace without having a working mount command in it?
I have a process which is running in a container I want to debug. To debug it, I want to modify that mount namespace (most importantly: I want to mount my toolkit root into it). How to do that from a ...
0 votes
1 answer
101 views
Relationship between CLONE_NEWUSER, `/bin/unshare` and `unshare(2)` as it relates to User Namespace
I am trying to comprehend some man7.org documentation about the User Namespace and the /bin/unshare command. I started by reading this page: https://man7.org/linux/man-pages/man7/user_namespaces.7....