All Questions

Tagged with
7 votes
1 answer
2k views

How can a process detect that it's in a child namespace?

I have researched the subject and found the following code on GitHub, which says: // HasNamespace determines if a container is using a particular namespace or the // host namespace. // The device ...
Shuzheng
  • 4,871
0 votes
1 answer
434 views

How to connect two instances of netcat through a veth device pair?

I want to connect two instances of netcat through a veth(4) device pair. Thus, I create the veth pair using ip as follows: ip link add eth0 type veth peer name eth1 ip addr add 10.0.0.1/24 dev eth0 ip ...
Shuzheng
  • 4,871
3 votes
0 answers
90 views

Which namespaces are the executable specified by `release_agent` executed in, when the last task leaves the cgroup?

Reading the documentation for Linux cgroups, I've come across the notify_on_release flag and how it relates to release_agent, i.e. the kernel runs the executable specified by release_agent, if ...
Shuzheng
  • 4,871
2 votes
0 answers
1k views

How to enter the root PID namespace from a distribution installed on WSL?

I've been experimenting with the Windows Subsystem for Linux v2 (WSL 2) and read in their FAQ that all distributions are installed on the same virtual machine (VM), isolated using namespaces, in Hyper-...
Shuzheng
  • 4,871
2 votes
1 answer
5k views

How can I enable user namespaces and have it persist after reboot?

When I run podman I get, $ podman info cannot clone: Operation not permitted user namespaces are not enabled in /proc/sys/kernel/unprivileged_userns_clone Error: cannot re-exec process How can I ...
Evan Carroll
4 votes
1 answer
3k views

Do user (group) ID mappings in `/proc/[pid]/uid_map` (`/proc/[pid]/gid_map`) only apply for the process `[pid]` or globally for the whole namespace?

After reading man user_namespaces, I'm not sure, whether user (group) ID mappings to the parent namespace, set in /proc/[pid]/uid_map (/proc/[pid]/gid_map), apply to all processes in the namespace or ...
Shuzheng
  • 4,871
5 votes
1 answer
1k views

Why does `nsenter` need to call `fork` before `exec` to ensure that any children will also be in the newly entered PID namespace?

I assume that nsenter, which runs as a sub-process of bash, utilizes the setns system call to join an existing namespace and then executes the specified program using exec. But, if nsenter has ...
Shuzheng
  • 4,871
2 votes
1 answer
854 views

How to check the device number of a device in `/proc/1/ns/{ns}`?

How to check the device number of a device in /proc/1/ns/{ns}? I've read the code for a Go library (see below), which states that it's possible to determine, if a container is in the host namespace ...
Shuzheng
  • 4,871
2 votes
1 answer
1k views

How to make /dev inside linux namespaces

AFAIK the container terminology, what I'm essentially trying to accomplish is to write my own "container runtime". What I'm doing: user@host:~$ mkdir test user@host:~$ cd test user@host:~/test$ ...
lynx
  • 67
1 vote
2 answers
2k views

Is it possible for mount(8) to override systemd MountFlags?

I am working on Debian stretch/4.14.75 and have been using my own automounter (udev-hook + shell-script) for years. Since it breaks recently due to the namespace problem that the mounted directory is ...
Rudi
  • 11
3 votes
1 answer
2k views

Why does child with mount namespace affect parent mounts?

I am trying to understand Linux namespaces using a Debian jessie server where I have root access. Consider this C code: # /tmp/test.c #define _GNU_SOURCE #include <sched.h> #include <stdio....
rlandster
  • 763