I've not worked with very recent kernels, but my recollection is that
a new network namespace (CLONE_NEWNET) is created with no network
devices (and, therefore, routing table entries) aside from the
loopback device, which is initially down. Your code snippet is not
very helpful, but I'm guessing t
Does it really need to be done on loopback? How about creating a
bridge on the host, adding veth devices for each namespace/container
and the host, and adding them to the bridge-- this would allow the
host and each container to access this private, bridged network, but
would not provide external a
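
An added example, not part of the original post, of the layout suggested above: one host bridge, one veth pair per namespace, and the loopback device brought up inside each new namespace. The names `br-priv` and `ns1`/`ns2`, the `10.200.0.0/24` range, and putting the host's address on the bridge itself instead of on a separate host veth are assumptions; no forwarding or NAT is configured.

```sh
#!/bin/sh
# Added example, not from the original post. Constructed values: br-priv,
# 10.200.0.0/24. Prints the plan by default; APPLY=1 (as root) executes it.
BRIDGE=br-priv
SUBNET=10.200.0

run() {
    # Show the command; execute it only when APPLY=1.
    echo "$*"
    if [ "${APPLY:-0}" = "1" ]; then "$@"; fi
}

setup_bridge() {
    run ip link add name "$BRIDGE" type bridge &&
    run ip addr add "$SUBNET.1/24" dev "$BRIDGE" &&
    run ip link set "$BRIDGE" up
}

# attach_ns NAME OCTET: create namespace NAME and wire it to the bridge.
attach_ns() {
    a_ns=$1; a_oct=$2
    case $a_ns in
        ''|*[!A-Za-z0-9_]*) echo "bad namespace name: $a_ns" >&2; return 1 ;;
    esac
    # Interface names hold at most 15 characters: "veth-" plus 10.
    [ "${#a_ns}" -le 10 ] || { echo "name too long: $a_ns" >&2; return 1; }
    case $a_oct in ''|*[!0-9]*) return 1 ;; esac
    [ "$a_oct" -ge 2 ] && [ "$a_oct" -le 254 ] || return 1
    run ip netns add "$a_ns" &&
    run ip link add "veth-$a_ns" type veth peer name "ceth-$a_ns" &&
    run ip link set "ceth-$a_ns" netns "$a_ns" &&
    run ip link set "veth-$a_ns" master "$BRIDGE" &&
    run ip link set "veth-$a_ns" up &&
    # A new network namespace starts with loopback down; bring it up.
    run ip netns exec "$a_ns" ip link set lo up &&
    run ip netns exec "$a_ns" ip addr add "$SUBNET.$a_oct/24" dev "ceth-$a_ns" &&
    run ip netns exec "$a_ns" ip link set "ceth-$a_ns" up
}

# build_private_net NAME...: bridge plus one namespace per argument.
build_private_net() {
    setup_bridge || return 1
    next=2
    for name in "$@"; do
        attach_ns "$name" "$next" || return 1
        next=$((next + 1))
    done
}

if [ "$#" -gt 0 ]; then build_private_net "$@"; fi
```

Run it with namespace names as arguments to review the commands first, then again with `APPLY=1` as root to create the devices.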