-c, --create Create network namespace. For running outside systemd private net.
-h, --help Show this help and exit.
-From within systemd network namespace, nat it to the outside. If given
--c, or if in the default network namespace, create a named network
-namepace natted to the current netns.
+From within a systemd network namespace, nat it to the outside. This
+would be called from ExecStartPre, and or subsequent units called with
+JoinsNamespaceOf= and PrivateNetwork=true.
+
+If given -c, or if in the default network namespace, create a named
+network namepace natted to the current netns.
Uses /24 network, finding the first locally unused one starting at
10.173.0.
in a directory adjacent to the absolute, resolved directory this file is
in.
-Background: "ip netns new ..." also does a mount namespace, then bind
+Background:
+
+This script does not make the namespace be named like ip does, because
+the naming is not necessary, although it could have been done with some
+more work. For debugging and joining the namespace with a bash shell, I
+use nsenter -n -m -t $(pgrep PROCESS_IN_NAMESPACE). Note: if I knew how
+to easily ask systemd what pid a unit has, i would do that.
+
+"ip netns new ..." also does a mount namespace, then bind
mounts each file/dir in /etc/netns/NS_NAME to /etc/NS_NAME. Note,
for openvpn having it's own resolv.conf by using it's user script which
calls resolvconf, this doesn't help much. What we actually want to do is
iankelling.org / git / newns / blobdiff