On 1/24/19 8:50 AM, Matteo Croce wrote: > ip tracks namespaces with dummy files in /var/run/netns/, but can't see > namespaces created with other tools. > Creating the dummy file and bind mounting the correct procfs entry will > make ip aware of that namespace. > Add an ip netns subcommand to automate this task. > > Signed-off-by: Matteo Croce <[email protected]> > --- > ip/ipnetns.c | 84 +++++++++++++++++++++++++++++++++++++++++++++ > man/man8/ip-netns.8 | 10 ++++++ > 2 files changed, 94 insertions(+) > > diff --git a/ip/ipnetns.c b/ip/ipnetns.c > index 03879b49..86b1a36b 100644 > --- a/ip/ipnetns.c > +++ b/ip/ipnetns.c > @@ -28,6 +28,7 @@ static int usage(void) > { > fprintf(stderr, "Usage: ip netns list\n"); > fprintf(stderr, " ip netns add NAME\n"); > + fprintf(stderr, " ip netns attach NAME PID\n"); > fprintf(stderr, " ip netns set NAME NETNSID\n"); > fprintf(stderr, " ip [-all] netns delete [NAME]\n"); > fprintf(stderr, " ip netns identify [PID]\n"); > @@ -811,6 +812,86 @@ static int netns_monitor(int argc, char **argv) > return 0; > } > > +static int netns_attach(int argc, char **argv) > +{ > + /* This function bind mounts an existing network namespace to a > + * well known location in the filesystem based on the name provided. > + * If everything succeeds, the result is the same as netns_add. > + * > + * The mount namespace is created so that any necessary > + * userspace tweaks like remounting /sys, or bind mounting > + * a new /etc/resolv.conf can be shared between users. > + */ > + char netns_path[PATH_MAX], proc_path[PATH_MAX]; > + const char *name; > + int fd; > + pid_t pid; > + int made_netns_run_dir_mount = 0; > + > + if (argc < 2) { > + fprintf(stderr, "No netns name and PID specified\n"); > + return -1; > + } > + name = argv[0]; > + > + if (get_s32(&pid, argv[1], 0) || !pid) { > + fprintf(stderr, "Invalid PID: %s\n", argv[1]); > + return -1; > + } > + > + snprintf(netns_path, sizeof(netns_path), "%s/%s", NETNS_RUN_DIR, name); > + > + if (create_netns_dir()) > + return -1; > + > + /* Make it possible for network namespace mounts to propagate between > + * mount namespaces. This makes it likely that a unmounting a network > + * namespace file in one namespace will unmount the network namespace > + * file in all namespaces allowing the network namespace to be freed > + * sooner. > + */ > + while (mount("", NETNS_RUN_DIR, "none", MS_SHARED | MS_REC, NULL)) { > + /* Fail unless we need to make the mount point */ > + if (errno != EINVAL || made_netns_run_dir_mount) { > + fprintf(stderr, "mount --make-shared %s failed: %s\n", > + NETNS_RUN_DIR, strerror(errno)); > + return -1; > + } > + > + /* Upgrade NETNS_RUN_DIR to a mount point */ > + if (mount(NETNS_RUN_DIR, NETNS_RUN_DIR, "none", MS_BIND | > MS_REC, NULL)) { > + fprintf(stderr, "mount --bind %s %s failed: %s\n", > + NETNS_RUN_DIR, NETNS_RUN_DIR, strerror(errno)); > + return -1; > + } > + made_netns_run_dir_mount = 1; > + } > + > + /* Create the filesystem state */ > + fd = open(netns_path, O_RDONLY|O_CREAT|O_EXCL, 0); > + if (fd < 0) { > + fprintf(stderr, "Cannot create namespace file \"%s\": %s\n", > + netns_path, strerror(errno)); > + return -1; > + } > + close(fd); > + > + snprintf(proc_path, sizeof(proc_path), "/proc/%d/ns/net", pid); > + > + /* Bind the netns last so I can watch for it */ > + if (mount(proc_path, netns_path, "none", MS_BIND, NULL) < 0) { > + fprintf(stderr, "Bind %s -> %s failed: %s\n", > + proc_path, netns_path, strerror(errno)); > + goto out_delete; > + } > + return 0; > +out_delete: > + if (unlink(netns_path) < 0) > + fprintf(stderr, "Cannot remove namespace file \"%s\": %s\n", > + netns_path, strerror(errno)); > + return -1; > +} > +
Rather than duplicate netns_add, refactor it for use by both attach and add.
