Highest Voted 'linux-namespaces' Questions

4

votes

0 answers

Create unprivileged cgroups without root

I want to create cgroups inside new namespaces in order to control the resource usage of processes as follows: unshare --user --cgroup --mount --ipc --pid --net --uts -r --fork bash mkdir -p my_cgroup/cpuset mount -t cgroup -o cpuset cpuset…

linux cgroups linux-namespaces

asked Sep 06 '17 at 17:37

Tes

349
3
12

4

votes

1 answer

Containers and syscall.CLONE_NEWNS

I'm running the golang code on this repo https://github.com/lizrice/containers-from-scratch/blob/master/main.go and I'm having a problem with the mount namespace. What the code should do is creating a process within its own mount namespace. So if I…

go containers mount linux-namespaces

asked Jun 26 '17 at 16:33

Michy_Arya

43
4

4

votes

1 answer

mount() after clone() with CLONE_NEWNS set effects parent

I am a little confused about what is happening here. I was following a guide where a new mount point was added after calling clone with the CLONE_NEWNS flag set. The mount point was supposed to only exist for the child process. I'm trying to do…

c linux containers linux-namespaces

asked Oct 05 '16 at 02:03

Matthew

432
4
17

4

votes

0 answers

Multiple Linux network namespaces for single application

I'm trying to use network namespaces to achieve VRF behavior (virtual routing and forwarding) for network isolation. Essentially I have a server application (C/C++) running on a TCP port in the default namespace. What I'd like to do is use network…

linux multithreading linux-namespaces

asked Jun 25 '15 at 02:27

pjw

41
1
4

4

votes

1 answer

How to add a name to namespace?

As I know, I can use the "clone" to create a process and a namespace, but the namespace created in this way has no name. For example, I create a network namespace with the parameter: CLONE_NEWNS, but in the command "ip netns list", there is no…

linux networking ip linux-namespaces

asked May 09 '15 at 17:10

vinllen

1,369
2
18
36

4

votes

0 answers

Monitoring network namespaces

Is there a way to monitor netns creation/deletion in the kernel? iproute2 provides means to monitor this but it does by using inotify, looking for creation/deletion of a netns fd in /var/run/netns. Often times a netns is created without an entry in…

linux-kernel linux-namespaces iproute

asked Mar 17 '15 at 17:14

NetCubist

61
2
6

3

votes

0 answers

Docker user namespace isolation: permission denied with bind mount

I enabled user namespace isolation as depicted in archwiki and on docker documentation. However, when I try to use a bind mount: # this is fish shell $ docker run --rm -it -v (pwd)/bmount/:/bmount alpine sh I get: docker: Error response from…

linux docker permissions file-permissions linux-namespaces

asked Jun 24 '21 at 13:19

Momh

732
5
17

3

votes

0 answers

How to disable "private mount namespace" (sandboxing) with the Nix package manager?

I'm trying to use nix on repl.it. I'm using static-nix from https://matthewbauer.us/blog/static-nix.html. If I run the following code: mkdir -p "$HOME/.cache/nix/" curl https://matthewbauer.us/nix > "$HOME/.cache/nix/nix.exe" cat…

root sandbox nix linux-namespaces

asked Feb 23 '21 at 14:53

Suzanne Soy

3,027
6
38
56

3

votes

2 answers

Difference between Kubernetes namespace and Linux namespaces?

What exactly is Kubernetes namespace and how is it different from linux namespaces (mnt,pid,net,ipc,uts,user,cgroup)?

kubernetes linux-namespaces kubernetes-namespace

asked May 06 '20 at 06:13

karthik v

1,104
1
14
22

3

votes

1 answer

How to switch user in Docker container with User Namespaces

I am running dockerd 19.03.1, build 74b1e89 with user namespaces enabled on a dedicated ID range cat > /etc/sub{uid,gid} dockeruser:120000:10000 I need to switch in a container from root to a dedicated user, which I create as ARG USERID=26551 ENV…

docker setuid linux-namespaces

asked Aug 20 '19 at 13:39

THX

553
2
8
18

3

votes

0 answers

Converting a thread id in a Docker cgroup to the host thread id

Is there any straightforward way to map a cgroups thread id to the host thread id, assuming I know the $CONTAINER_PARENT_PROCESSID and its corresponding $HOST_PARENT_PROCESSID. The thread id in the container is part of the output of ps -T…

linux docker process cgroups linux-namespaces

asked May 05 '17 at 04:32

Anil Vaitla

2,958
22
31

3

votes

1 answer

Mount filesystem after clone with CLONE_NEWNS flag

I'm trying to implement the following scenario: clone() main process with CLONE_NEWNS flag (it means new mount namespace) mount() new filesystem in child process child process finished and all created in this process filesystems are unmounted But…

c linux containers mount linux-namespaces

asked Dec 13 '16 at 18:41

dmitrievanthony

1,501
1
15
41

3

votes

1 answer

Difference between clone and fork+unshare

Somehow it's easier to call fork and then unshare because many arguments are copied via fork that would otherwise be manually wrapped to clone. My question is, what is the difference between (1) calling clone which forks a new process in separate…

c linux fork linux-namespaces

asked Nov 29 '16 at 01:07

Jes

2,614
4
25
45

3

votes

1 answer

How to identify performance bottleneck in linux system call unshare(CLONE_NEWNET)

I have a linux application (written in C) which is constantly creating and deleting network-namespaces. Typically a create/delete cycle takes around 300ms. During performance investigations, I ran strace on the program to find out which system call…

c linux performance system-calls linux-namespaces

asked Mar 02 '15 at 20:00

CuriousSoul

61
5

2

votes

0 answers

Tracepoints not available from network namespace

I want to use the linux tracepoints for a bpf application. However when I enter a network namespace no tracepoints/tracing events are available, e.g. ls /sys/kernel/tracing is empty. Why is that and how can I access them from a network…

linux ebpf linux-namespaces

asked Jun 16 '22 at 17:40

marxlaml

321
2
11

Questions tagged [linux-namespaces]