Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use unshare, setns, netlink etc. to create and configure netns #49

Open
jamesmcm opened this issue Nov 23, 2020 · 1 comment
Open

Use unshare, setns, netlink etc. to create and configure netns #49

jamesmcm opened this issue Nov 23, 2020 · 1 comment
Labels
enhancement New feature or request important An important issue that should be resolved quickly

Comments

@jamesmcm
Copy link
Owner

jamesmcm commented Nov 23, 2020
edited
Loading

Unshare: https://stackoverflow.com/questions/10730838/how-to-create-multiple-network-namespace-from-a-single-process-instance
https://man7.org/linux/man-pages/man1/unshare.1.html
https://crates.io/crates/unshare (does this support modifying current process, i.e. without spawn)
https://stackoverflow.com/questions/10730838/how-to-create-multiple-network-namespace-from-a-single-process-instance
https://stackoverflow.com/questions/30142799/how-to-add-a-name-to-namespace

setns: https://man7.org/linux/man-pages/man2/setns.2.html

Also in nix:
https://docs.rs/nix/0.19.0/nix/sched/fn.setns.html
https://docs.rs/nix/0.19.0/nix/sched/fn.unshare.html

Rust example: https://github.com/johnae/netns-exec/blob/master/src/main.rs

Bind mount (to keep netns alive): https://man7.org/linux/man-pages/man2/mount.2.html
https://crates.io/crates/sys-mount

Plan:

Might be easier with separate thread anyway, to manage executions inside and outside the namespace.

exec (can probably just use std::Process): https://linux.die.net/man/3/execvpe

netlink (for ip link): http://ifeanyi.co/posts/linux-namespaces-part-4/
https://crates.io/crates/rtnetlink (routing)
https://crates.io/crates/netlink-sys (netlink sockets)

libnftnl (for nftables): https://crates.io/crates/nftnl

libiptc (for iptables): https://crates.io/crates/libiptc-sys

wgctrl (Wireguard i.e. wg conf): https://crates.io/crates/wgctrl-rs

sysctl: https://crates.io/crates/sysctl

nmcli (Network Manager): https://crates.io/crates/networkmanager
https://docs.rs/networkmanager/0.3.2/networkmanager/devices/trait.Any.html#tymethod.set_managed

sudo: https://crates.io/crates/sudo - use instead of just checking uid - but how to verify capabilities?

Some C examples: https://github.com/Intika-Linux-Namespace
@jamesmcm jamesmcm added enhancement New feature or request important An important issue that should be resolved quickly labels Nov 23, 2020
@jamesmcm jamesmcm mentioned this issue Dec 15, 2020
Open
@little-dude little-dude mentioned this issue Jan 23, 2021
Closed
@little-dude
Copy link

Potentially relevant as well (just found it while looking for some other implementations: https://github.com/vishvananda/netns)

@jamesmcm jamesmcm mentioned this issue Sep 13, 2022
Open
@jamesmcm jamesmcm mentioned this issue Sep 11, 2023
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request important An important issue that should be resolved quickly
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jamesmcm @little-dude