minor improvement

[newns] / newns

diff --git a/newns b/newns
index dbc922198a5e4e2ee820d70e0e9365cb3c85c036..a3a932511a5b326967208bcd8f8f3b707d7beb0e 100755 (executable)
--- a/newns
+++ b/newns
@@ -38,7 +38,7 @@ Nat a network namespace. systemd friendly
 
 Also creates a mount namespace with a cloned /run/resolvconf.
 
--c, --create    Create a named network namespace. When running from
+-c, --create    Create or destroy a named network namespace. When running from
                 the same network namespace as pid 1, this is set automatically.
                 A systemd created private network is in a network namespace
                 different than pid 1.
@@ -60,9 +60,9 @@ From within a systemd network namespace, we nat it to the outside. This
 would be called from ExecStartPre, and or subsequent units called with
 JoinsNamespaceOf= and PrivateNetwork=true.
 
-We also create a named mount namespace under /root/mount_namespaces, so we
-can alter some system config for this namespace. systemd
-command lines would be prefixed with:
+If resolvconf is installed, we create a named mount namespace under
+/root/mount_namespaces, so we can alter some system config for this
+namespace. systemd command lines would be prefixed with:
 
 /usr/bin/nsenter --mount=/root/mount_namespaces/NS_NAME
 
@@ -143,7 +143,6 @@ if $install_error; then
 fi
 ####   end sanity checking ####
 
-
 v0=veth0-$nn
 v1=veth1-$nn
 ip_base=10.173
@@ -153,22 +152,24 @@ if ! $create && [[ $(readlink /proc/self/ns/net) == "$(readlink /proc/1/ns/net)"
 fi
 
 # make the default network namespace be named
+
+mkdir -p /run/netns
 target=/run/netns/default
 if [[ ! -e $target && ! -L $target ]]; then
-  mkdir -p /run/netns
-  ln -s /proc/1/ns/net $target
+  # -f to avoid a race condition with running twice
+  ln -sf /proc/1/ns/net $target
 fi
 
-
 ipd() { ip -n default "$@"; }
+
+
+# otherwise we are already in the network namespace and it's unnamed.
 if $create; then
-  # run ip in the network namespace
-  ipnn() { ip -n $nn "$@"; }
-else
-  # we are already in the network namespace and it's unnamed.
-  # run ip in the network namespace
-  ipnn() { ip "$@"; }
+  ipnnargs="-n $nn"
 fi
+# run ip in the network namespace
+ipnn() { ip $ipnnargs "$@"; }
+
 # default network namespace exec
 dexec() { ip netns exec default "$@"; }
 # mount namespace exec
@@ -274,7 +275,7 @@ start() {
   diptables-add FORWARD -o $v0 -j ACCEPT
 
 
-  _errcatch_cleanup=stop
+  err-cleanup() { stop; }
   ipnn link add $v0 type veth peer name $v1
   ipnn link set $v0 netns default
   ipd addr add $network.1/24 dev $v0
@@ -285,7 +286,7 @@ start() {
   ipnn route add default via $network.1
 
   ###### begin setup resolvconf
-  if [[ -e /run/resolvconf ]]; then # resolvconf probably not installed
+  if [[ -e /run/resolvconf ]]; then # resolvconf probably installed
     resolv_copy=/root/resolvconf-$nn
 
     # this condition should never happen, just coding defensively
@@ -331,7 +332,7 @@ stop() {
   if ! $existing; then
     if nat -C &>/dev/null; then nat -D; fi
   fi
-  dexec iptables -D FORWARD -i $v0 -j ACCEPT ||:
+  dexec iptables -D FORWARD -i $v0 -j ACCEPT &>/dev/null ||:
   if $create && [[ -e /var/run/netns/$nn ]]; then
     ip netns del $nn
   fi