Simplify --net ns: syntax?

[apostasie]

What is the problem you're trying to solve

Currently, we require absolute path to the ns.

eg:

sudo nerdctl run -d --net ns:/run/netns/lepton-test busybox sleep Inf

and (of course?)

sudo nerdctl run -d --net ns:lepton-test busybox sleep Inf

... will fail.

Is there a particular reason not to allow network namespaces names instead of full path?
Put otherwise: are there cases where passing along a full path that is not under /run/netns would be required?

Describe the solution you'd like

na

Additional context

No response

[AkihiroSuda]

--net ns: should be compatible with Podman; so supporting absolute paths SGTM if Podman supports them

[dancavallaro]

I'll chime in with my 2 cents (whatever that's worth) as the original contributor of this feature.

Put otherwise: are there cases where passing along a full path that is not under /run/netns would be required?

Yes! I'll readily admit to not being an expert here, but my understanding is that storing network namespaces with names under /var/run/netns is simply a convention used by the iproute2 tools (see https://man7.org/linux/man-pages/man8/ip-netns.8.html), but network namespaces can be created at any arbitrary path. This is what we do in my use case that originally led me to contribute this feature, but for another example, consider that Docker by default stores network namespaces under /var/run/docker/netns, so supporting arbitrary paths allows you to run containers in any arbitrary netns, as was the intent.

For completeness' sake, you could always workaround this by symlinking an existing netns under a different path so that it's under /var/run/netns, and then you can use it with ip netns, but that's a bit cumbersome when we can just support arbitrary paths directly.

To touch on @AkihiroSuda's comment, Podman's equivalent feature does support arbitrary full paths: https://docs.podman.io/en/v4.4/markdown/podman-run.1.html#network-mode-net. Just to clarify, nerdctl already supports arbitrary paths, but I think @apostasie was proposing supporting named namespaces, either additionally or instead of arbitrary paths.

Between the Podman parity angle and my own selfish interests I'm against dropping support for arbitrary paths, but I don't have any particular problem with adding support for named namespaces when one is provided to ns: instead of a path.

[apostasie]

That's helpful, thanks!

Yes, I am proposing supporting named namespaces.
Your clarification clearly proves that it should be in addition of explicit full path.

[apostasie]

/dibs

@AkihiroSuda can you assign?