149 questions
0
votes
0
answers
88
views
Docker multiple containers with userns remap
I'm trying to run several docker containers on the same host, and most of these containers are running internally as some random user. E.g. Jetbrains Youtrack where the internal user is called "...
1
vote
0
answers
147
views
How to use Linux tc commands to combine netem delay and bfifo limit?
I am having some issues with tc qdisc commands, more specifically netem delay and bfifo limit. They work as intended when I use them separately, but I cannot figure out a way to use them simultaneously.
...
1
vote
1
answer
107
views
Why Does User ID Remain 65534 When Using Clone to Create a New User Namespace in Python Script?
I am trying to create a new user namespace using a Python script that utilizes the clone system call. My goal is to map the user ID of a newly spawned shell to a specific value, similar to how it's ...
1
vote
1
answer
96
views
The program does not use the network during network isolation
I use Lutris and run VK Play GameCenter through it. I also use WireGuard and network namespace to route traffic from Lutris to WireGuard. In this configuration VK Play GameCenter doesn't work and ...
1
vote
1
answer
227
views
Filesystem mounted in a mount namespace is visible in root namespace
I have a program that creates a mount namespace with an unshare(CLONE_NEWNS) syscall, then mounts a filesystem at /path/to/my/mount using a mount syscall with mountflags=0. The mount succeeds and I ...
0
votes
1
answer
90
views
readlink(2) result is inconsistent with nested mount namespaces
When two nested mount namespaces are created using unshare(2) in a newly forked process; calling readlink(2) from the last namespace using an FD opened in the previous namespace returns a path that's ...
user24145812
-2
votes
1
answer
1k
views
Why I don't see the namespace related to running docker container
I know I can use nsenter to execute host machine program, e.g. netstat, inside the running docker container like this:
sudo nsenter -t namespace_id -n netstat -putan
but for that I first need to ...
0
votes
0
answers
186
views
Can Linux kprobes get disabled temporarily by the kernel?
I am monitoring illegal task namespace changes using kprobes on wake_up_new_task(), do_exit(), begin_new_exec(), unshare() and setns().
For a few systemd services like timedated or upowerd, the ...
0
votes
1
answer
325
views
Can't capture packets from namespace interface
My goal
Hi everyone! So my goal is to run a python listener on an interface inside a namespace to catch EAP messages.
To be more specific: I'm running a Faucet SDN controller and a topology created in ...
1
vote
1
answer
1k
views
How to create a process in a new Linux namespace
I am trying to create a child process with Python under a new Linux namespace. But checking the subprocess documentation it does not seem as though Python actually has an API to do so. The closest ...
1
vote
1
answer
415
views
How to get file descriptor of parent mount namespace?
In the ioctl_ns(2) man page it is mentioned how one can get the file descriptor that refers to the parent namespace of the namespace referred to by fd. It's mentioned that it only works for ...
0
votes
1
answer
473
views
How to start apache2 in a mininet host, and access it from another host?
Using Mininet, I need to setup an emulated network to test web browsing performance, where one host of it running an apache2 server, and then access it from another host. I already have a configured ...
0
votes
0
answers
421
views
exec fails to find files after root changed using pivot_root
I'm trying to experiment with namespaces and chroot emulation, and have succeeded in creating an environment that only has the new root in it (confirmed by a directory traversal), but for some reason, ...
5
votes
1
answer
928
views
Injecting a mount into a disjoint mount namespace behind a private mount propagation?
As part of some work I'm doing on container diagnostics tooling for Linux container systems like docker and containerd/runc, I've been looking for a way to inject or bind a mount from one mount ...
3
votes
1
answer
1k
views
How to create the docker0 bridge in another network namespace than the default one?
On a server I have an environment with different network namespaces that are created with the command sudo ip netns add ns_name. The physical interfaces of the server get assigned to different ...