Questions tagged [namespace]

Questions relating to Linux namespaces, including commands such as: unshare and ip netns. Namespaces support isolation of filesystems, system names, IPC, processes, networks, and users. Closely related to the docker and lxc tags; use those tags instead of this one if you are simply using docker or lxc to implement namespaces.

Old techniques like chroot are focused on filesystem isolation, but with namespaces, the focus is to isolate other OS layers like PIDs, users, IPC, networking, creating a "virtual OS" with a new group of pids, a new set of users, a completely unshared IPC system (semaphores, shared memory etc.), a dedicated network interface and its own hostname.

Further Reading:

  • ip-netns manpage. The network namespace related iproute2 command.
  • LWN article about network namespaces and a review on other Linux namespaces.
  • Explanation about Linux namespaces.
269 questions
50 votes, 2 answers

What's a UTS namespace?

The man page of unshare says: "UTS namespace setting hostname, domainname will not affect rest of the system (CLONE_NEWUTS flag)". What does UTS stand for?
xmllmx • 1,750 • 2 • 19 • 29
44 votes, 5 answers

How to find out namespace of a particular process?

I already asked a question about how to list all namespaces in Linux, but there weren't any correct and exact answers, so I want to find out a method which can help me to find out the namespace of PID of some process or group of processes. How can it…
zerospiel • 1,063 • 2 • 11 • 11
44 votes, 4 answers

How to list namespaces in Linux?

Is there any method in Linux to list all namespaces on the running host? I need to check namespaces for particular processes (e.g. processes running in an LXC container and all other processes on the host) and then find out cgroups of them.
zerospiel • 1,063 • 2 • 11 • 11
24 votes, 3 answers

Is it possible to run 'unshare -n [program]' as an unprivileged user?

I want to run a program without any internet access, e.g. unshare -n ping 127.0.0.1. As an unprivileged user, it returns Operation not permitted; as a privileged user, it returns the desired Network is unreachable. Is there any way to make it work…
clinei • 343 • 1 • 2 • 6
24 votes, 3 answers

per process private file system mount points

I was checking the unshare command and according to its man page, unshare - run program with some namespaces unshared from parent. I also see there is a type of namespace listed as, mount namespace mounting and unmounting filesystems…
Ramesh • 38,687 • 43 • 140 • 215
21 votes, 1 answer

How to perform chroot with Linux namespaces?

After reading about Linux namespaces I was under the impression that they are, amongst a lot of other features, an alternative to chroot. For example, in this article: Other uses [of namespaces] include [...] chroot()-style isolation of a process…
koalo • 315 • 2 • 15
19 votes, 4 answers

Command to run a child process "offline" (no external network) on Linux

I have a program I would like to test in offline mode without taking down my actual network. This program would still need to connect to local sockets, including unix domain sockets and loopback. It also needs to listen on loopback and be visible to…
Havoc P • 321 • 3 • 8
19 votes, 2 answers

What is the NSFS filesystem?

The kernel contains a filesystem, nsfs. snapd creates a nsfs mount under /run/snapd/ns/.mnt for each installed snap. ls shows it as a 0 byte file. The kernel source code does not seem to contain any documentation or comments about it. The…
Gert van den Berg • 1,491 • 1 • 10 • 19
18 votes, 1 answer

What characters are valid to use in filenames?

It seems like it is possible to create filenames in unix with just about any valid character. touch \; && touch \\ && touch \" && touch $'\n' && touch $'\t' && touch $'\v' && touch $'\23' && touch $'\13' && echo "DONE!" The only characters I have…
wefwefa3 • 1,345 • 5 • 15 • 27
18 votes, 1 answer

Reliable way to jail child processes using `nsenter:`

I know that Linux namespaces, among many other things, can be leveraged to handle restricting and jailing child processes securely without any chance of their being zombied and dumped on init. But I'm fuzzy on implementation details. How might I use…
mikeserv • 57,448 • 9 • 113 • 229
16 votes, 3 answers

kernel: Namespaces support

I am wondering what exactly the “Namespaces support” feature in the Linux kernel means. I am using kernel 3.11.1 (the newest stable kernel at this time). If I decide to disable it, will I notice any change on my system? And in case somebody decides…
Martin Vegter • 69 • 66 • 195 • 326
16 votes, 3 answers

Simulate chroot with unshare

I am trying to write a bootstrapper for a minimal, from-source Linux distribution. I would like to build in a chroot-like environment. This should simplify packaging. I do not care about security at this point. The bootstrapper should not require…
Rooties • 161 • 1 • 4
14 votes, 1 answer

Why can't I bind-mount "/" inside a user namespace?

Why doesn't this work? $ unshare -rm mount --bind / /mnt mount: /mnt: wrong fs type, bad option, bad superblock on /, missing codepage or helper program, or other error. These work ok: $ unshare -rm mount --bind /tmp /mnt $ unshare -rm mount --bind…
sourcejedi • 48,311 • 17 • 143 • 296
14 votes, 3 answers

Why is my bind mount visible outside its mount namespace?

So I'm trying to get a handle on how Linux's mount namespace works. So, I did a little experiment and opened up two terminals and ran the following: Terminal 1 root@goliath:~# mkdir a b root@goliath:~# touch a/foo.txt root@goliath:~# unshare…
FatalError • 243 • 2 • 6
13 votes, 1 answer

How can I make a device available inside a systemd-nspawn container with user namespacing?

I would like to mount an encrypted image file using cryptsetup inside a systemd-nspawn container. However, I get this error message: [root@container ~]# echo $key | cryptsetup -d - open luks.img luks Cannot initialize device-mapper. Is dm_mod kernel…
sjy • 826 • 8 • 22