11

I want to list all the network namespaces on my Linux machine. So far I found two recommended ways to do this:

ip netns list

And

lsns --type=net

Unfortunately both commands do not list all the namespaces! The first only lists the namespaces found in /var/run/netns and the second will only find namespaces with at least one process running in it. Docker for example will save its namespaces in /var/run/docker/netns (so they are not shown by ip netns) and there are some namespaces without a running process (so they are not shown by lsns). Is there any command that prints ALL the network namespaces on the host?

Garuno
  • 241
  • 1
  • 2
  • 8
  • related: https://unix.stackexchange.com/questions/505112/how-do-i-find-all-interfaces-that-have-been-configured-in-linux-including-those – A.B Aug 18 '21 at 22:44
  • So there is no inbuilt tool for doing this? I have to scavenge the /proc file system to get all the namespaces? – Garuno Aug 19 '21 at 05:40

3 Answers3

3

I once again came across this shortcoming of lsns and opened an issue in the repository. It is already fixed and in a future version of lsns it will show all the namespaces, even ones, that are only mounted with no process running in them. In the meantime the information is actually available in /proc/mounts. All mounts with the type nsfs should be mounted namespaces. This is not limited to network namespaces, but covers all namespaces.

Garuno
  • 241
  • 1
  • 2
  • 8
  • One problem left: a namespace kept only by a file descriptor (not by a process being in this namespace): example `ip netns add foo; sleep 999 4< /run/netns/foo & sleep 2; ip netns delete foo` will keep the newly created namespace only with sleep's fd 4 (as can be then checked with `stat -f -L -c %T /proc/$(pidof sleep)/fd/4`). But `lsns` won't find it. And it appears it can't be mounted back (anymore?) unless opening it and setns-ing it. – A.B Nov 08 '22 at 15:43
  • You are correct. This seems like a pretty esoteric case to me though. Do you have more of a real-world example for this case? – Garuno Nov 08 '22 at 15:59
  • No real use-case around. Just being pedantic about "*all* network namespaces". Anyway +1 for the move in the right direction with the request. – A.B Nov 08 '22 at 16:16
  • 1
    I also created an [issue](https://github.com/util-linux/util-linux/issues/1884) for this use case on the `lsns` repo. Apparently it is a legitimate use case for lxc and systemds nspawn. – Garuno Nov 09 '22 at 08:17
1

Not by name, but you can find all used namespaces by looking into /proc/{PID}/ns/net

This script (run as root) shows a list of used network namespace IDs on the machine:

find /proc/ -name ns 2>/dev/null |xargs -I NS ls -la NS/net 2> /dev/null| awk -F '->' '{print $2}'|sort -u
George Shuklin
  • 296
  • 2
  • 11
0

To include the network namespaces of running docker containers into ip netns list you could just set a symbolic link (aka softlink) like this:

ln -Ts /var/run/docker/netns /var/run/netns

Unfortunately there is no generic command in linux to list all network namespaces. You could use the following python script to list at least all namespaces that are linked in /var/run/netns: https://github.com/Intika-Linux-Namespace/Namespace-Lister

For applications using other paths you would have to modify this script.

digijay
  • 1,155
  • 3
  • 11
  • 22
  • This will only solve the Problem for the specific Docker case. How would I know if any other application is creating namespaces in other locations? – Garuno Aug 19 '21 at 05:39
  • Hi @Garuno, see my edit. There seems to be no general solution for this, but at least a script that you could tweak to serve your needs. Hope it helps! – digijay Aug 19 '21 at 09:44