X-Git-Url: https://iankelling.org/git/?a=blobdiff_plain;f=newns;h=4bd1650f7179bddeb1ba0e09888d37d27bf49b31;hb=48072c26a8715f462677c8ce9eaa64c2164b5f6e;hp=d6a1b08eb6bc7805cb5d3fadcc7f50b591b29ef2;hpb=11818aeee42717a9ce5ca1b4ac7bde4a646f1306;p=newns diff --git a/newns b/newns index d6a1b08..4bd1650 100755 --- a/newns +++ b/newns @@ -40,12 +40,18 @@ usage() { usage: ${0##*/} [OPTS] start|stop NS_NAME Setup new or systemd created network namespace with nat and mount namespace --c, --create Create network namespace. For running outside systemd private net. +-c, --create Create a named network namespace. When running from + the same network namespace as pid 1, this is set automatically. + This is the case when running outside a systemd created + private network. -h, --help Show this help and exit. -From within systemd network namespace, nat it to the outside. If given --c, or if in the default network namespace, create a named network -namepace natted to the current netns. +From within a systemd network namespace, nat it to the outside. This +would be called from ExecStartPre, and or subsequent units called with +JoinsNamespaceOf= and PrivateNetwork=true. + +If given -c, or if in the default network namespace, create a named +network namepace natted to the current netns. Uses /24 network, finding the first locally unused one starting at 10.173.0. 
@@ -68,7 +74,15 @@ https://iankelling.org/git/?p=errhandle, set ERRHANDLE_PATH, or put it in a directory adjacent to the absolute, resolved directory this file is in. -Background: "ip netns new ..." also does a mount namespace, then bind +Background: + +This script does not make the namespace be named like ip does, because +the naming is not necessary, although it could have been done with some +more work. For debugging and joining the namespace with a bash shell, I +use nsenter -n -m -t $(pgrep PROCESS_IN_NAMESPACE) bash. Note: if I +knew how to easily ask systemd what pid a unit has, i would do that. + +"ip netns new ..." also does a mount namespace, then bind mounts each file/dir in /etc/netns/NS_NAME to /etc/NS_NAME. Note, for openvpn having it's own resolv.conf by using it's user script which calls resolvconf, this doesn't help much. What we actually want to do is
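Review bot: the rewritten usage text still carries the original typo in the added line "network namepace natted to the current netns." (should be "namespace"), and "and or subsequent units" in the ExecStartPre paragraph reads better as "and/or subsequent units"; for consistency with "JoinsNamespaceOf=" and "PrivateNetwork=true" on the same line, write the directive as "ExecStartPre=". The new "-c, --create" help also says the option creates "a named network namespace", while the Background text added further down says the script does not name the namespace like ip does; a short clause clarifying that naming only applies in -c mode would remove the apparent contradiction.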
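Review bot: the debugging recipe "nsenter -n -m -t $(pgrep PROCESS_IN_NAMESPACE) bash" in the Background paragraph is fragile because an unquoted pgrep substitution can expand to several pids when the pattern matches more than one process, so suggest "pgrep -n" or "pgrep -x" to pin a single pid; the line "i would do that" should capitalise "I"; and since the text asks how to obtain a unit's pid from systemd, "systemctl show -p MainPID --value UNIT" provides it, which would let the comment be reworded to recommend that instead of guessing via pgrep. The split of the Background heading onto its own line followed by an empty line is fine, but the retained sentence starting "ip netns new ..." now begins a paragraph without its former "Background:" lead, so consider rephrasing its opening to read as a standalone statement.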