Gentoo Archives: gentoo-user

From: Grant Taylor <gtaylor@×××××××××××××××××××××.net>
To: gentoo-user@l.g.o
Subject: Re: [gentoo-user] iproute2 reference
Date: Mon, 11 Jun 2018 01:24:21
Message-Id: 0d1c4dc9-ca58-17bf-14fe-3370ca794541@spamtrap.tnetconsulting.net
In Reply to: Re: [gentoo-user] iproute2 reference by Grant Taylor
On 06/10/2018 01:13 PM, Grant Taylor wrote:
> I'll respond later with more details as to what I do to run various
> things in Network Namespaces.

I create the following directories ("mkdir -p" type thing):

- /run/mountns/$NSname
- /run/netns/$NSname
- /utsns/$NSname

First I create the Namespace:

unshare --mount=/run/mountns/$NSname --net=/run/netns/$NSname \
--uts=/run/utsns/$NSname /bin/true

Then I change the hostname inside of the Namespace:

nsenter --mount=/run/mountns/$NSname --net=/run/netns/$NSname \
--uts=/run/utsns/$NSname /bin/hostname $NSname

Then I start whatever process I want to inside of the Namespace:

nsenter --mount=/run/mountns/$NSname --net=/run/netns/$NSname \
--uts=/run/utsns/$NSname /path/to/daemon…

I reuse the nsenter methodology above to go into the Namespace and run
whatever I want. I can enter an interactive shell inside of the
Namespace using the following:

nsenter --mount=/run/mountns/$NSname --net=/run/netns/$NSname \
--uts=/run/utsns/$NSname /bin/bash

I see no reason that you couldn't run a VPN inside of a Namespace. It
might actually make things easier. The VPN could route everything (from
that Namespace) through the VPN. Then you just need to pick what you
route to the VPN's Namespace.

Note: What I'm doing is quite similar to containers with the major
exception that all of the files are based on the parent (default / main
/ unnamed) Namespace. (It's my understanding that…) Containers use this
same methodology with namespaces, just with a full file system that is
an OS image unto themselves. Which means that they need to be
maintained as separate OS images and have the proper care and feeding.
My preferred method means that the Namespaces inherit all the files from
the parent (…) Namespace. (Sort of like Solaris's sparse zones.)

--
Grant. . . .
unix || die
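The create / enter / tear-down procedure from the mail above, written up as an added shell example (not Grant's script) with the preparation that unshare(1) documents for persistent namespace files: the bind-mount target must be a regular file, and for the mount namespace it must not sit on a shared mount. It assumes the files live under /run/mountns, /run/netns and /run/utsns as in the commands above, and adds a name check so a namespace name cannot escape that directory.

```shell
#!/bin/sh
# Added example, not code from the mail. Assumes the persistent namespace
# files live under $NS_ROOT/{mountns,netns,utsns}/NAME (default /run).
NS_ROOT="${NS_ROOT:-/run}"
# Accept only a plain path component, so NAME cannot escape $NS_ROOT.
ns_name_ok() {
    case "$1" in ''|*/*|.|..) return 1 ;; esac
}
# The --mount/--net/--uts arguments shared by unshare and nsenter
# (word-split on purpose by the unquoted $(...) below).
ns_args() {
    printf '%s' "--mount=$NS_ROOT/mountns/$1 --net=$NS_ROOT/netns/$1 --uts=$NS_ROOT/utsns/$1"
}
# unshare bind-mounts each namespace onto a regular file; per unshare(1)
# the mount-namespace file must not be on a shared mount, so each
# directory is bound to itself and made private before files are created.
ns_prepare() {
    ns_name_ok "$1" || return 1
    for kind in mountns netns utsns; do
        dir="$NS_ROOT/$kind"
        mkdir -p "$dir" || return 1
        if ! mountpoint -q "$dir"; then
            mount --bind "$dir" "$dir" && mount --make-private "$dir" || return 1
        fi
        touch "$dir/$1" || return 1
    done
}
# Create the three namespaces, then set the hostname inside them.
ns_create() {
    ns_prepare "$1" || return 1
    unshare $(ns_args "$1") /bin/true || return 1
    nsenter $(ns_args "$1") /bin/hostname "$1"
}
# Run any command (daemon, /bin/bash, ...) inside the namespace set.
ns_run() {
    name="$1"; shift
    ns_name_ok "$name" || return 1
    nsenter $(ns_args "$name") "$@"
}
# Unmounting the files is what actually deletes the namespaces.
ns_destroy() {
    ns_name_ok "$1" || return 1
    for kind in mountns netns utsns; do
        umount "$NS_ROOT/$kind/$1" && rm -f "$NS_ROOT/$kind/$1"
    done
}
```

Source the file as root and call `ns_create vpn`, `ns_run vpn /path/to/daemon` and later `ns_destroy vpn`; `findmnt -o +PROPAGATION /run/mountns` shows whether the private-propagation step took effect.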