
Questions tagged [namespace]

Questions relating to Linux namespaces, including commands such as: unshare and ip netns. Namespaces support isolation of filesystems, system names, IPC, processes, networks, and users. Closely related to the docker and lxc tags; use those tags instead of this one if you are simply using docker or lxc to implement namespaces.

1 vote
1 answer
65 views

If there are no sessions (eg tmux a returns "no sessions") a call to start tmux under a namespace (eg sudo ip netns exec ns1 tmux new -s test) will have the shells within (even newly spawned ...
Hashbrown's user avatar
  • 214
0 votes
1 answer
65 views

I once asked how Linux namespaces could be disabled without recompiling. One of the comments asked if I meant without building with CONFIG_USER_NS=n and the answer my question received said to set to ...
Melab's user avatar
  • 4,476
1 vote
1 answer
72 views

I'm trying to run nebula (an overlay networking tool) as a systemd user service, NOT as a system service with user and group defined in the unit file. All examples about running a service with ...
user31422095's user avatar
3 votes
1 answer
177 views

For a while, Linux has been supporting ID-mapped mounts. The mount(1) manpage tells us that these can be set up using the X-mount.idmap option. But how can we view the ID mapping of an existing mount? ...
F30's user avatar
  • 601
0 votes
0 answers
35 views

Suppose mount namespace A looks like / lower/ overlay/ upper/ work/ and we run mount -o upperdir=/upper,lowerdir=/lower,workdir=/work -t overlay overlay /overlay and we copy the mount at /...
Melab's user avatar
  • 4,476
1 vote
0 answers
41 views

I was reading about mount namespaces and encountered something that seemed odd to me. I'm using Ubuntu22.04 I have a USB device connected to my machine: ubuntu@ubuntu-2204:/media/ubuntu$ cat /proc/...
EL_9's user avatar
  • 111
2 votes
1 answer
192 views

I’m trying to understand how cgroup namespaces work, but I’m stuck on something that doesn’t make sense to me. My understanding is that a cgroup namespace should virtualize the cgroup hierarchy for a ...
Liric Ramer's user avatar
2 votes
1 answer
86 views

I've created two Linux network namespaces (ns1 and ns2), and inside each, I have: A bridge (ns1-br0, ns2-br0) A TAP device (tap0, tap1) connected to the respective bridge Each TAP device gets an IP ...
Bhautik Chudasama's user avatar
0 votes
0 answers
60 views

I have a physical network with several VLANs. One of my computers (my main workstation) is connected to two different VLANs on this network, one tagged, the other not. I have successfully set this ...
Omnifarious's user avatar
  • 1,412
1 vote
1 answer
77 views

I would like to use unshare to create a new unprivileged user/mount namespace, with the goal of making a specific file appear at a specific location inside the child namespace. For example, assume ...
Jason R's user avatar
  • 657
0 votes
0 answers
45 views

I'm running a Kubernetes cluster with RKE2 v1.30.5+rke2r1 on Linux nixos 6.6.56 amd64, using Cilium CNI. Here's the setup: I have two pods (yaml manifests at the bottom): Pod A (xfrm-pod) is running ...
rrekaF's user avatar
  • 1
-1 votes
3 answers
453 views

A security rule of RHEL 8 must disable the use of user namespaces. states Discussion: It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements ...
ron's user avatar
  • 9,184
2 votes
1 answer
171 views

I'm trying to understand whether it's possible to map two users from a user namespace to two different users on the host. The goal is to replicate the same permissions I have on my host inside a ...
Liric Ramer's user avatar
0 votes
0 answers
73 views

I have a process which is running in a container I want to debug. To debug it, I want to modify that mount namespace (most importantly: I want to mount my toolkit root into it). How to do that from a ...
peterh's user avatar
  • 10.5k
0 votes
1 answer
91 views

I am trying to comprehend some man7.org documentation about the User Namespace and the /bin/unshare command. I started by reading this page: https://man7.org/linux/man-pages/man7/user_namespaces.7....
learningtech's user avatar
0 votes
0 answers
24 views

I am trying to learn about UTS namespace. I want to write some log entries from both a parent namespace and a child UTS namespace. This is for demonstration purposes, so it doesn't matter if rsyslog ...
learningtech's user avatar
3 votes
1 answer
229 views

I've seen other answers on this site and read an article and watched a video on the topic, but I still can't connect my network namespace to the outside world. Setup I created a namespace named "...
verified_tinker's user avatar
0 votes
1 answer
177 views

When using kubectl, for various operations a namespace is required. Typically it uses default as the default namespace, and a different namespace can be set using -n. But in my work, all resources ...
muru's user avatar
  • 78.3k
0 votes
1 answer
189 views

I am not a strong linux user, but I want to better understand the material in this post here which talks about linux namespaces https://stackoverflow.com/questions/44666700/unshare-pid-bin-bash-fork-...
learningtech's user avatar
1 vote
1 answer
148 views

I am noticing a weird behavior for nsenter which I am looking some explanation for. When I enter the namespaces of another process created with unshare I observe the differences in resulting behavior ...
Eugene D. Gubenkov's user avatar
1 vote
1 answer
84 views

I’m trying to configure WireGuard (WG) inside a Linux network namespace (mynamespace) in such a way that all WireGuard traffic is limited to the network namespace and does not affect the host system’s ...
Sago's user avatar
  • 11
0 votes
0 answers
213 views

The mount manpage states for the X-mount.idmap option: • A user can specify the ID-mapping directly. [...] • A user can specify a user namespace file. The user namespace will then ...
user149408's user avatar
  • 1,565
0 votes
1 answer
528 views

I built a docker image with gcc binutils and gdb debugger installed inside. I would attach gdb from that docker container to a process inside a lxc container running on the same Linux host. The lxc ...
CarloC's user avatar
  • 385
2 votes
1 answer
235 views

Using unshare -Umr I created a new user, mount namespaces where the calling process is moved into. Then via mount -t tmpfs tmpfs / I mounted a new tmpfs instance on the root / of the directory tree ...
CarloC's user avatar
  • 385
0 votes
1 answer
71 views

The output of lsns looks different based on the privilege of the user running it. ubuntu user and root user get different results: ubuntu@ubuntu:~$ lsns NS TYPE NPROCS PID USER COMMAND ...
CarloC's user avatar
  • 385
0 votes
1 answer
69 views

I'm aware of unshare -m creates a new mount namespace moving the process executing it into the new mount namespace being created. The latter gets a copy of parent's mount namespace. Indeed look at the ...
CarloC's user avatar
  • 385
0 votes
0 answers
72 views

like "ip netns add", it mount file "/proc/*/ns/net" somewhere else, when need use the net namespace you can use the mounted file, but when mount --bind a mnt namespace file it ...
zhouhj's user avatar
  • 1
1 vote
1 answer
1k views

from https://www.stigviewer.com/stig/red_hat_enterprise_linux_8/2021-12-03/finding/V-230548 RHEL 8 must disable the use of user namespaces. It is detrimental for operating systems to provide, or ...
ron's user avatar
  • 9,184
1 vote
0 answers
135 views

A couple of days ago I had a motherboard failure and as a result I bought a new computer. I swapped in the old hard drives and after a couple of hiccups, everything was nearly the same again. It is ...
Shaav's user avatar
  • 11
2 votes
0 answers
145 views

I always assumed that /proc/[PID]/status shows capabilities that PID has in the user namespace of the process that opens /proc/[PID]/status, not in the user namespace of PID, but it seems that I was ...
user643357's user avatar
1 vote
0 answers
86 views

This question hints that it is possible to create a veth (which normally requires root) from inside a user and network namespace, and indeed: user@host$ unshare --user --net -r =bash root@namespace# ...
F.X.'s user avatar
  • 361
2 votes
1 answer
298 views

I recently became aware of solutions like slirp4netns or passt/pasta which essentially work around the fact that you can't create a pair of veth network interfaces without root (or CAP_NET_ADMIN). ...
F.X.'s user avatar
  • 361
0 votes
0 answers
819 views

I am having a hard time understanding Manual for PrivateUsers=. It mentions a few caveats for it to fail silently... But I think I'm avoiding them all and still not managing to reach the manual ...
gcb's user avatar
  • 953
0 votes
0 answers
75 views

I was following this tutorial https://github.com/faysalmehedi/linux-network-namespaces-hands-on I had to use this command so that our ns1 namespace can talk to eth0, where 192.168.1.1 is the IP ...
Arjun Hegde's user avatar
0 votes
1 answer
181 views

The directories of the form /proc/[pid]/ns get populated each time they are accessed. That is, each time they are accessed the kernel produces a symlink to somewhere in the namespace filesystem (not ...
caciquekampeon's user avatar
3 votes
0 answers
196 views

Why does global root (root in the initial user namespace) not have the ability to read all files regardless of permission when ID-mapped mounts (see "ID-mapped mounts" under man 2 ...
Joseph Sible-Reinstate Monica's user avatar
1 vote
1 answer
514 views

I'm trying to make one network namespace to be able to ping another namespace via a bridge. Here are the commands I'm executing: # create two namespaces ip netns add ns0 ip netns add ns1 # create a ...
AhmedWas's user avatar
  • 247
3 votes
0 answers
449 views

I am trying to mount an overlayfs on /tmp from within a separate user & mount namespace. This works well unless /tmp already has a child mount in the original namespace, in which case this ...
Fabian Meumertzheim's user avatar
0 votes
0 answers
114 views

The goal is very simple: anything sent to pair1, as outgoing packet, should appear on pair0 as an incoming packet and vice versa. I am thinking on a layer3-only, virtual interface now. tun could do ...
peterh's user avatar
  • 10.5k
3 votes
1 answer
630 views

Is there a way to disable all namespace types at boot time or runtime in Linux?
Melab's user avatar
  • 4,476
0 votes
0 answers
94 views

I'm using zmq to receive data from another pc. I would like to forward this received data to the Internet via namespace. I've created this python script: import subprocess import zmq context = zmq....
Raúl Parada Medina's user avatar
1 vote
1 answer
214 views

When mounting a tmpfs in a mount and user namespace that is separate from my 'regular' system, my expectation is that it's possible to use any user/group ID. There would be no need for mapping IDs ...
Banyoghurt's user avatar
2 votes
1 answer
164 views

The problem I cannot cryptsetup close any LUKS volume while any flatpak app is running in the background. Yes, the flatpak app just has to be running in the background, I'm not trying to use ...
renzev's user avatar
  • 111
1 vote
0 answers
45 views

I'm developing a remote desktop/streaming program for linux. When a user logs in, they specify a program to launch, and the remote server launches that program as a new process. The server process ...
colinmarc's user avatar
0 votes
1 answer
572 views

I'm encountering an issue where a Kubernetes namespace is stuck in the 'Terminating' state. Running kubectl get ns cattle-monitoring-system -o json|jq produces error messages related to custom.metrics....
karlsebal's user avatar
  • 835
1 vote
0 answers
184 views

At work I have limited access to my PC, so I am running proot with /nix mounted to give me access to nix package manager. However, executing some setuid commands fails under proot. $ proot /usr/bin/...
KamilCuk's user avatar
  • 970
1 vote
0 answers
582 views

I expected uid=0(root) gid=0(root) groups=0(root) to be the output of both $ rootlesskit id $ unshare -U bash -c 'newuidmap $$ 0 '"$(id -u)"' 1; id' however the somewhat more verbose -x ...
humanityANDpeace's user avatar
0 votes
0 answers
201 views

I have a very strange scenario when my process (and its child) receives a SIGTERM and the sender is systemd (PID == 1). My setup is the following: two "symmetric" partitions mounted on /...
MirkoBanchi's user avatar
3 votes
2 answers
3k views

So I have an application that only binds to 0.0.0.0 and listens on a port (TCP). The communication is unencrypted and unauthorized so I'd like to work around that without getting too deep into the ...
WesAtWork's user avatar
  • 153
0 votes
1 answer
279 views

I wonder if anyone succeeded starting a tftpd in a network namespace (I'm using tftp-server-5.2-22.el7.x86_64.rpm)? I.e., starting tftpd in a default NS is trivial: bash# systemctl start tftp bash# ...
Dmitry's user avatar
  • 83
