Questions tagged [linux-namespaces]

For questions regarding the Linux kernel's namespaces mechanism.

143 questions

0 votes, 1 answer

Which process/thread capabilities sets will be changed during clone(2), unshare(2), and setns(2)?

The man page for user_namespaces(7) says: The child process created by clone(2) with the CLONE_NEWUSER flag starts out with a complete set of capabilities in the new user namespace. Likewise, a process that creates a new user namespace using…
TheDiveO

0 votes, 1 answer

exec.Command with Credential in a new user namespace gets error: "operation not permitted"

I'd like to implement a simple sandbox using Linux namespace and Go to execute command. In order to prevent the command from writing to disk, the command is executed as another user using Credential: &syscall.Credential{Uid: uint32(1), Gid:…
Zihe Liu

0 votes, 3 answers

capability from different user namespace

I'm studying posix capabilities and namespace in linux and I wrote some lines of code inspired by these impressive articles to better comprehend how the capabilities are seen from different namespaces. Some pieces of code are taken from the examples…
fusillator

0 votes, 0 answers

Get "Operation not permitted" when I run "ping" in a new user namespace

I create a new process and new user namespace like this: clone(run, stack + STACK_SIZE, CLONE_NEWUSER | SIGCHLD, NULL); and run ping in new process, but I got an error: Operation not permitted. Here is my code: #define _GNU_SOURCE #include…
solomon_wzs

0 votes, 0 answers

How to "redirect" filesystem read/write calls without root and performance degradation?

I have non-root access to a server that is shared by many users. I first develop and run some code locally, and then I want to rsync my data to a temporary location on a remote server and run my code on a remote server without changing any file…
Ben Usman

0 votes, 0 answers

Linux force packet to egress (and avoid local/kernel traffic)

I have a 20-ports switch connected to a 20-NICs PC (1-to-1) and want to load it with traffic. Of course configuring all NICs with different IPs and start my client/server (Python3) scripts (or iperf3) will generate local traffic only unless I force…
bli

0 votes, 1 answer

issue with kvm/libvirt and linux-namespaces

I have an issue with kvm/libvirt virtualization and network namespaces on my Ubuntu 16.04 LTS. What I want to do is the following fenced setup: One network namespace (the fence) Two Linux bridges in the namespace. Each bridge has its own ip…
zweiund40

0 votes, 1 answer

How to communicate properly between child process in other network namespace and parent process?

I am using Popen from subprocess to spawn a new process in a network namespace. I need to exchange data between the parent process and the newly spawned child process. Currently, I am doing this by simply parsing from stdout, meaning that in my…
John Doe

0 votes, 1 answer

creating unshared namespaces

When running unshare command (man 1 unshare), which allows to execute a command in a separate namespace from the shell, why do I still see all processes from the host? Is PID namespace not unshared by design? Thanks.
Mark

0 votes, 1 answer

How to enable Linux namespace in system based on kernel 2.6.38 and initd?

I want to run LXC 2.0 on linux kernel 2.6.38 and init.d, whether both kernel version and initd are mandatory. I have recompiled the Kernel with namespace support as follows. # Kernel…
teotanin

0 votes, 2 answers

Confused by the source and target keyword in mount system call

I am implementing a container which is cloned with a new namespace including mount, pid, user namespaces, etc. The first step the child does is to mount several important points such as /proc, /sys and /tmp using mount system…
Jes

0 votes, 1 answer

Can I move a kernel thread from one namespace to another?

Our situation is: First we have a kernel thread (say KS) that starts to run when kernel starts to run; Then when system is ready, we create another namespace (say NS1) that has a different mntns with LXC. Our requirement is the KS needs to write…
Mark.Zhang

0 votes, 1 answer

Are file descriptors corresponding to sockets in different namespaces assigned same numerical value?

I need to open multiple TCP sockets, corresponding to each namespace programmed in linux. I wanted to know whether the fd assigned to these sockets might be the same or they are always system-wide unique?
rango

0 votes, 1 answer

why CLONE_NEWNS can not make mount namespace isolated?

namespace link and do following test: gcc -o mntns mntns.c the run with $ sudo ./mntns secret_dir='mktemp -d --tmpdir=/tmp' mount -n -o size=1m -t tmpfs tmpfs $secret_dir df -h , show it includes the tmpdir created in step 3,…
Kennan

0 votes, 0 answers

how to use linux's network namespace feature to measure the bytes sent/received over network by a process?

I have this situation where I need to measure the bytes sent/received during its execution. The PC will have a normal ethernet interface (eth1) to interact with others in the network. I did a little research on linux network namespace and cgroups,…
fabiux