small readme update
diff --git
a/newns
b/newns
index 76c7adf53c6aa4b623572eeb3cb07227f7cfbecb..713c29de8cd7945314d7f9e009a6cbe364e6b0e2 100755
(executable)
--- a/
newns
+++ b/
newns
@@
-38,7
+38,9
@@
fi
usage() {
cat <<EOF
usage: ${0##*/} [OPTS] start|stop NS_NAME
usage() {
cat <<EOF
usage: ${0##*/} [OPTS] start|stop NS_NAME
-Nat a network namespace. create a mount ns. systemd friendly
+Nat a network namespace. systemd friendly
+
+Also creates a mount namespace with a cloned /etc/resolv.conf.
-c, --create Create a named network namespace. When running from
the same network namespace as pid 1, this is set automatically.
-c, --create Create a named network namespace. When running from
the same network namespace as pid 1, this is set automatically.
@@
-157,7
+159,7
@@
dexec() { ip netns exec default "$@"; }
# background: head -n1 is defensive. Not sure if there is some weird feature
# for 2 routes to be 0/0.
# background: head -n1 is defensive. Not sure if there is some weird feature
# for 2 routes to be 0/0.
-gateway_if=$(ipd route list exact 0/0 | head -n1| sed -r 's/.*
\s(\S+)\s*$
/\1/')
+gateway_if=$(ipd route list exact 0/0 | head -n1| sed -r 's/.*
dev\s+(\S+).*
/\1/')
nat() { dexec iptables -t nat $1 POSTROUTING -o $gateway_if -j MASQUERADE \
-m comment --comment "systemd network namespace nat"; }
nat() { dexec iptables -t nat $1 POSTROUTING -o $gateway_if -j MASQUERADE \
-m comment --comment "systemd network namespace nat"; }
@@
-190,8
+192,11
@@
start() {
mkdir -p /root/mount_namespaces
if ! mountpoint /root/mount_namespaces >/dev/null; then
mount --bind /root/mount_namespaces /root/mount_namespaces
mkdir -p /root/mount_namespaces
if ! mountpoint /root/mount_namespaces >/dev/null; then
mount --bind /root/mount_namespaces /root/mount_namespaces
- mount --make-private /root/mount_namespaces
fi
fi
+ # note: This is outside the mount condition because I've mysteriously
+ # had this become shared instead of private, perhaps it
+ # got remounted somehow and lost the setting.
+ mount --make-private /root/mount_namespaces
if [[ ! -e /root/mount_namespaces/$nn ]]; then
touch /root/mount_namespaces/$nn
fi
if [[ ! -e /root/mount_namespaces/$nn ]]; then
touch /root/mount_namespaces/$nn
fi
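Review bot: The unconditional `mount --make-private /root/mount_namespaces` added in the third hunk fixes the symptom described in its comment but still never verifies that the mount point ended up private, so a silent failure leaves the namespace files on a shared mount again with no diagnostic. Since the comment says the propagation setting has been lost "mysteriously", a cheap guard after the call would both catch the failure and surface the recurrence: `[[ $(findmnt -no PROPAGATION /root/mount_namespaces) == private ]] || { echo "${0##*/}: /root/mount_namespaces is not a private mount" >&2; exit 1; }`. One plausible cause worth checking, though not visible here, is a later recursive `--make-rshared /` by the init system or a container runtime, which would re-share this bind mount; if that is confirmed, the comment should say so instead of "mysteriously". Whether `set -e` is active and the rest of `start()` are outside the hunk, so it is unclear whether a failed `mount` would currently stop the script at all.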