parent: d81b917
fix docs, minor refactor for readability
author Ian Kelling <iank@fsf.org> Sun, 11 Oct 2020 12:56:19 +0000 (08:56 -0400)
committer Ian Kelling <iank@fsf.org> Sun, 11 Oct 2020 12:56:19 +0000 (08:56 -0400)
newns
diff --git
a/newns
b/newns
index 05e1068b5c5ebe20f377fff62e1aa13bf1f91ea5..26874a14949742fd449609038ec4059dc8423081 100755
(executable)
--- a/
newns
+++ b/
newns
@@
-38,7
+38,7
@@
Nat a network namespace. systemd friendly
Also creates a mount namespace with a cloned /run/resolvconf.
Also creates a mount namespace with a cloned /run/resolvconf.
--c, --create Create a named network namespace. When running from
+-c, --create Create
or destroy
a named network namespace. When running from
the same network namespace as pid 1, this is set automatically.
A systemd created private network is in a network namespace
different than pid 1.
the same network namespace as pid 1, this is set automatically.
A systemd created private network is in a network namespace
different than pid 1.
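Review bot: The updated -c, --create help text says "Create or destroy" but does not say what selects destroy rather than create, and the option name still only suggests creation. State in this entry which invocation tears the namespace down, so that a reader of the usage text alone can tell when passing (or automatically getting) --create will remove a named namespace.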
@@
-60,9
+60,9
@@
From within a systemd network namespace, we nat it to the outside. This
would be called from ExecStartPre, and or subsequent units called with
JoinsNamespaceOf= and PrivateNetwork=true.
would be called from ExecStartPre, and or subsequent units called with
JoinsNamespaceOf= and PrivateNetwork=true.
-We also create a named mount namespace under /root/mount_namespaces, so we
-can alter some system config for this namespace. systemd
-command lines would be prefixed with:
+If resolvconf is installed, we create a named mount namespace under
+/root/mount_namespaces, so we can alter some system config for this
+
namespace. systemd
command lines would be prefixed with:
/usr/bin/nsenter --mount=/root/mount_namespaces/NS_NAME
/usr/bin/nsenter --mount=/root/mount_namespaces/NS_NAME
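Review bot: The sentence "systemd command lines would be prefixed with:" is still unconditional, although the mount namespace under /root/mount_namespaces is now documented as created only if resolvconf is installed. Say that the nsenter --mount= prefix applies only in that case, and what units should use otherwise, since nsenter pointed at a path that was never created will fail. The earlier usage line "Also creates a mount namespace with a cloned /run/resolvconf." has the same unconditional wording.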
@@
-161,14
+161,15
@@
fi
ipd() { ip -n default "$@"; }
ipd() { ip -n default "$@"; }
+
+
+# otherwise we are already in the network namespace and it's unnamed.
if $create; then
if $create; then
- # run ip in the network namespace
- ipnn() { ip -n $nn "$@"; }
-else
- # we are already in the network namespace and it's unnamed.
- # run ip in the network namespace
- ipnn() { ip "$@"; }
+ ipnnargs="-n $nn"
fi
fi
+# run ip in the network namespace
+ipnn() { ip $ipnnargs "$@"; }
+
# default network namespace exec
dexec() { ip netns exec default "$@"; }
# mount namespace exec
# default network namespace exec
dexec() { ip netns exec default "$@"; }
# mount namespace exec
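Review bot: ipnnargs is assigned only inside the `if $create` branch, so when $create is false the new `ipnn() { ip $ipnnargs "$@"; }` expands whatever value the variable already holds, including one inherited from the caller's environment. Add `ipnnargs=` before the `if` so the non-create path always runs plain `ip "$@"`. Since the script already uses `[[`, an array (`ipnnargs=(-n "$nn")`, expanded as `"${ipnnargs[@]}"`) would also avoid depending on word splitting of the unquoted expansion. The relocated comment that begins "otherwise" now sits above the condition it refers to and would read more clearly next to the ipnn definition.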
@@
-285,7
+286,7
@@
start() {
ipnn route add default via $network.1
###### begin setup resolvconf
ipnn route add default via $network.1
###### begin setup resolvconf
- if [[ -e /run/resolvconf ]]; then # resolvconf probably
not
installed
+ if [[ -e /run/resolvconf ]]; then # resolvconf probably installed
resolv_copy=/root/resolvconf-$nn
# this condition should never happen, just coding defensively
resolv_copy=/root/resolvconf-$nn
# this condition should never happen, just coding defensively
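Review bot: The corrected comment on the `[[ -e /run/resolvconf ]]` line still hedges with "probably installed", while the usage text changed in this same commit states the condition as "If resolvconf is installed". The code tests for the existence of /run/resolvconf, not for the package, so one of the two should name the actual test, for example a comment saying that /run/resolvconf exists and resolvconf is therefore assumed to be installed.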