X-Git-Url: https://iankelling.org/git/?a=blobdiff_plain;f=newns;h=a3a932511a5b326967208bcd8f8f3b707d7beb0e;hb=8e4cd767defea2b4bc5466978643e6f1bbaf7578;hp=05e1068b5c5ebe20f377fff62e1aa13bf1f91ea5;hpb=d81b917646d84690b15df703aaf81c5571ac9248;p=newns diff --git a/newns b/newns index 05e1068..a3a9325 100755 --- a/newns +++ b/newns @@ -38,7 +38,7 @@ Nat a network namespace. systemd friendly Also creates a mount namespace with a cloned /run/resolvconf. --c, --create Create a named network namespace. When running from +-c, --create Create or destroy a named network namespace. When running from the same network namespace as pid 1, this is set automatically. A systemd created private network is in a network namespace different than pid 1. @@ -60,9 +60,9 @@ From within a systemd network namespace, we nat it to the outside. This would be called from ExecStartPre, and or subsequent units called with JoinsNamespaceOf= and PrivateNetwork=true. -We also create a named mount namespace under /root/mount_namespaces, so we -can alter some system config for this namespace. systemd -command lines would be prefixed with: +If resolvconf is installed, we create a named mount namespace under +/root/mount_namespaces, so we can alter some system config for this +namespace. systemd command lines would be prefixed with: /usr/bin/nsenter --mount=/root/mount_namespaces/NS_NAME @@ -143,7 +143,6 @@ if $install_error; then fi #### end sanity checking #### - v0=veth0-$nn v1=veth1-$nn ip_base=10.173 
@@ -153,22 +152,24 @@ if ! $create && [[ $(readlink /proc/self/ns/net) == "$(readlink /proc/1/ns/net)" fi # make the default network namespace be named + +mkdir -p /run/netns target=/run/netns/default if [[ ! -e $target && ! -L $target ]]; then - mkdir -p /run/netns - ln -s /proc/1/ns/net $target + # -f to avoid a race condition with running twice + ln -sf /proc/1/ns/net $target fi - ipd() { ip -n default "$@"; } + + +# otherwise we are already in the network namespace and it's unnamed. if $create; then - # run ip in the network namespace - ipnn() { ip -n $nn "$@"; } -else - # we are already in the network namespace and it's unnamed. - # run ip in the network namespace - ipnn() { ip "$@"; } + ipnnargs="-n $nn" fi +# run ip in the network namespace +ipnn() { ip $ipnnargs "$@"; } + # default network namespace exec dexec() { ip netns exec default "$@"; } # mount namespace exec @@ -285,7 +286,7 @@ start() { ipnn route add default via $network.1 ###### begin setup resolvconf - if [[ -e /run/resolvconf ]]; then # resolvconf probably not installed + if [[ -e /run/resolvconf ]]; then # resolvconf probably installed resolv_copy=/root/resolvconf-$nn # this condition should never happen, just coding defensively
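Review bot: In the `@@ -153,22 +152,24 @@` hunk, `ipnnargs` is assigned only inside `if $create`, so on the other path `ipnn` expands whatever value the variable already holds, including one inherited from the caller's environment, into the `ip` command line of a script that sets up namespaces and NAT (presumably as root, given the `/root` and `/run/netns` paths). No initialisation is visible in this hunk; if there is none earlier in the file, set it explicitly before the `if`. An array also removes the reliance on word-splitting of the unquoted `-n $nn`: `ipnnargs=()` before the `if`, `ipnnargs=(-n "$nn")` inside it, and `ipnn() { ip "${ipnnargs[@]}" "$@"; }`. If the script runs under `set -u` on bash older than 4.4, the empty-array case needs `${ipnnargs[@]+"${ipnnargs[@]}"}` instead.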