Questions tagged [namespace]
Questions relating to Linux namespaces, including commands such as: unshare and ip netns. Namespaces support isolation of filesystems, system names, IPC, processes, networks, and users. Closely related to the docker and lxc tags; use those tags instead of this one if you are simply using docker or lxc to implement namespaces.
307 questions
0 votes, 0 answers, 15 views
Unexpected network namespace inode when accessing /var/run/netns/ from pod in host network namespace
I'm running a Kubernetes cluster with RKE2 v1.30.5+rke2r1 on Linux nixos 6.6.56 amd64, using Cilium CNI.
Here's the setup:
I have two pods (yaml manifests at the bottom):
Pod A (xfrm-pod) is running ...
-1 votes, 3 answers, 55 views
Are user namespaces a security vulnerability, and is it logical to disable them in sysctl.conf?
A security rule, "RHEL 8 must disable the use of user namespaces.", states
Discussion: It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements ...
2 votes, 1 answer, 68 views
Mapping two users to host with user namespaces
I'm trying to understand whether it's possible to map two users from a user namespace to two different users on the host.
The goal is to replicate the same permissions I have on my host inside a ...
0 votes, 0 answers, 24 views
How to modify a mount namespace without having a working mount command in it?
I have a process which is running in a container I want to debug. To debug it, I want to modify that mount namespace (most importantly: I want to mount my toolkit root into it).
How to do that from a ...
0 votes, 1 answer, 25 views
Relationship between CLONE_NEWUSER, `/bin/unshare` and `unshare(2)` as it relates to User Namespace
I am trying to comprehend some man7.org documentation
about the User Namespace and the /bin/unshare command.
I started by reading this page:
https://man7.org/linux/man-pages/man7/user_namespaces.7....
0 votes, 0 answers, 9 views
How to use rsyslog with more than one hostname via Linux Namespaces?
I am trying to learn about UTS namespace. I want to write some log entries from both a parent namespace and a child UTS namespace. This is for demonstration purposes, so it doesn't matter if rsyslog ...
3 votes, 1 answer, 105 views
Why can't I connect a network namespace to the Internet?
I've seen other answers on this site and read an article and watched a video on the topic, but I still can't connect my network namespace to the outside world.
Setup
I created a namespace named "...
0 votes, 1 answer, 70 views
How do I change the default namespace used by kubectl?
When using kubectl, for various operations a namespace is required. Typically it uses default as the default namespace, and a different namespace can be set using -n. But in my work, all resources ...
0 votes, 1 answer, 100 views
Understanding the concepts of commands, processes and namespaces
I am not a strong Linux user, but I want to better understand the material in this post here which talks about Linux namespaces
https://stackoverflow.com/questions/44666700/unshare-pid-bin-bash-fork-...
1 vote, 1 answer, 62 views
`nsenter` `--root`: symlink vs. regular dir path
I am noticing a weird behavior of nsenter, for which I am looking for some explanation.
When I enter the namespaces of another process created with unshare I observe the differences in resulting behavior ...
1 vote, 1 answer, 39 views
How to ensure WireGuard traffic is confined to a Linux network namespace without internet access on the host?
I’m trying to configure WireGuard (WG) inside a Linux network namespace (mynamespace) in such a way that all WireGuard traffic is limited to the network namespace and does not affect the host system’s ...
0 votes, 0 answers, 127 views
When mounting with X-mount.idmap, what is the format for the user namespace file?
The mount manpage states for the X-mount.idmap option:
• A user can specify the ID-mapping directly.
[...]
• A user can specify a user namespace file.
The user namespace will then ...
0 votes, 1 answer, 271 views
Attach gdb from a docker container to a process running in a different PID namespace
I built a docker image with gcc binutils and gdb debugger installed inside.
I would attach gdb from that docker container to a process inside a lxc container running on the same Linux host. The lxc ...
2 votes, 1 answer, 144 views
Weird result mounting a tmpfs as root in the directory tree
Using unshare -Umr I created new user and mount namespaces, into which the calling process is moved. Then via mount -t tmpfs tmpfs / I mounted a new tmpfs instance on the root / of the directory tree ...
0 votes, 0 answers, 41 views
shared vs private mountpoints in parent/child mount namespaces
As per explicit request, I opened this question to ask the following:
On Ubuntu Linux systems, the initial (aka root or default) mount namespace has options for mounted filesystems that are different from ...