<html><head></head><body><div style="color:#000; background-color:#fff; font-family:Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif;font-size:16px"><div id="yui_3_16_0_ym19_1_1476911136178_6175">Adding the steps taken to launch the container:</div><div id="yui_3_16_0_ym19_1_1476911136178_6175"><br></div><pre style="margin-top: 0px; padding: 5px; border: 0px; font-size: 13px; width: auto; max-height: 600px; overflow: auto; font-family: Consolas, Menlo, Monaco, "Lucida Console", "Liberation Mono", "DejaVu Sans Mono", "Bitstream Vera Sans Mono", "Courier New", monospace, sans-serif; background-color: rgb(239, 240, 241); word-wrap: normal; color: rgb(17, 17, 17);" id="yui_3_16_0_ym19_1_1476911136178_6198"><code style="margin-top: 0px; margin-bottom: 0px; padding: 0px; border: 0px; font-family: Consolas, Menlo, Monaco, "Lucida Console", "Liberation Mono", "DejaVu Sans Mono", "Bitstream Vera Sans Mono", "Courier New", monospace, sans-serif; white-space: inherit;" id="yui_3_16_0_ym19_1_1476911136178_6199">lxc profile create devstack-profile
lxc profile set devstack-profile linux.kernel_modules br_netfilter
lxc profile device add devstack-profile eth0 nic nictype=bridged parent=br-lxd-mgmt
lxc profile device add devstack-profile eth1 nic nictype=bridged parent=br-lxd-fip
lxc launch ubuntu:16.04 c1 -p devstack-profile
lxc config device add c1 tun unix-char path=/dev/net/tun
lxc config set c1 security.nesting true</code></pre> <div class="qtdSeparateBR"><br><br></div><div class="yahoo_quoted" style="display: block;"> <div style="font-family: Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif; font-size: 16px;"> <div style="font-family: HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif; font-size: 16px;"> <div dir="ltr"><font size="2" face="Arial"> On Wednesday, October 19, 2016 8:34 AM, Yinon <yinonby.hpe@yahoo.com> wrote:<br></font></div>  <br><br> <div class="y_msg_container"><div id="yiv9819321486"><!--[if gte mso 9]><xml><o:OfficeDocumentSettings><o:AllowPNG/><o:PixelsPerInch>96</o:PixelsPerInch></o:OfficeDocumentSettings></xml><![endif]--><div><div style="color:#000;background-color:#fff;font-family:Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif;font-size:16px;"><div style="margin-top:0px;margin-bottom:1em;border:0px;font-size:15px;clear:both;color:rgb(17, 17, 17);font-family:Ubuntu, Arial,;" id="yiv9819321486yui_3_16_0_ym19_1_1476887484144_3567">I installed an Ubuntu server 16.04. Inside I installed LXD and running an Ubuntu 16.04 container.</div><div style="margin-top:0px;margin-bottom:1em;border:0px;font-size:15px;clear:both;color:rgb(17, 17, 17);font-family:Ubuntu, Arial,;" id="yiv9819321486yui_3_16_0_ym19_1_1476887484144_3568">Initially, I had this problem when trying to "ip netns add":</div><blockquote style="margin:0px 0px 10px;padding:10px;border-top:0px;border-right:0px;border-bottom:0px;border-left:none;font-size:15px;background-color:rgb(244, 244, 244);color:rgb(17, 17, 17);font-family:Ubuntu, Arial,;" id="yiv9819321486yui_3_16_0_ym19_1_1476887484144_3569"><div style="margin-top:0px;margin-bottom:0px;border:0px;clear:both;" id="yiv9819321486yui_3_16_0_ym19_1_1476887484144_3570">mount –make-shared /var/run/netns failed: Permission denied</div></blockquote><div style="margin-top:0px;margin-bottom:1em;border:0px;font-size:15px;clear:both;color:rgb(17, 17, 17);font-family:Ubuntu, Arial,;" id="yiv9819321486yui_3_16_0_ym19_1_1476887484144_3571">And I did this to work around it:</div><blockquote style="margin:0px 0px 10px;padding:10px;border-top:0px;border-right:0px;border-bottom:0px;border-left:none;font-size:15px;background-color:rgb(244, 244, 244);color:rgb(17, 17, 17);font-family:Ubuntu, Arial,;" id="yiv9819321486yui_3_16_0_ym19_1_1476887484144_3572"><div style="margin-top:0px;margin-bottom:0px;border:0px;clear:both;" id="yiv9819321486yui_3_16_0_ym19_1_1476887484144_3573">lxc config set container security.nesting true</div></blockquote><div style="margin-top:0px;margin-bottom:1em;border:0px;font-size:15px;clear:both;color:rgb(17, 17, 17);font-family:Ubuntu, Arial,;" id="yiv9819321486yui_3_16_0_ym19_1_1476887484144_3574">But now I get:</div><blockquote style="margin:0px 0px 10px;padding:10px;border-top:0px;border-right:0px;border-bottom:0px;border-left:none;font-size:15px;background-color:rgb(244, 244, 244);color:rgb(17, 17, 17);font-family:Ubuntu, Arial,;" id="yiv9819321486yui_3_16_0_ym19_1_1476887484144_3575"><div style="margin-top:0px;margin-bottom:0px;border:0px;clear:both;" id="yiv9819321486yui_3_16_0_ym19_1_1476887484144_3576">mount of /sys failed: Operation not permitted</div></blockquote><div style="margin-top:0px;margin-bottom:1em;border:0px;font-size:15px;clear:both;color:rgb(17, 17, 17);font-family:Ubuntu, Arial,;" id="yiv9819321486yui_3_16_0_ym19_1_1476887484144_3577">when I try to "ip netns exec".</div><div style="margin-top:0px;margin-bottom:1em;border:0px;font-size:15px;clear:both;color:rgb(17, 17, 17);font-family:Ubuntu, Arial,;" dir="ltr" id="yiv9819321486yui_3_16_0_ym19_1_1476887484144_3578">What am I missing?</div><div style="margin-top:0px;margin-bottom:1em;border:0px;font-size:15px;clear:both;color:rgb(17, 17, 17);font-family:Ubuntu, Arial,;" dir="ltr" id="yiv9819321486yui_3_16_0_ym19_1_1476887484144_3578"><br></div><div style="margin-top:0px;margin-bottom:1em;border:0px;font-size:15px;clear:both;color:rgb(17, 17, 17);font-family:Ubuntu, Arial,;" dir="ltr" id="yiv9819321486yui_3_16_0_ym19_1_1476887484144_3578">Also posted here: </div><div style="margin-top:0px;margin-bottom:1em;border:0px;font-size:15px;clear:both;color:rgb(17, 17, 17);font-family:Ubuntu, Arial,;" dir="ltr" id="yiv9819321486yui_3_16_0_ym19_1_1476887484144_3578"><a rel="nofollow" target="_blank" href="http://askubuntu.com/questions/839233/how-can-i-exec-a-network-namespace-ip-netns-inside-an-lxc-container" class="yiv9819321486enhancr2_6309f3a5-2904-a432-71f3-9f97d53e5411" id="yiv9819321486yui_3_16_0_ym19_1_1476887484144_3605" style="background-color:rgb(255, 255, 255);">How can I "exec" a network namespace (ip netns) inside an lxc container</a><br></div><div id="yiv9819321486yui_3_16_0_ym19_1_1476887484144_3613"><br></div><div id="yiv9819321486enhancr2_6309f3a5-2904-a432-71f3-9f97d53e5411" class="yiv9819321486yahoo-link-enhancr-card  yiv9819321486ymail-preserve-class yiv9819321486ymail-preserve-style" style="max-width:400px;font-family:'Helvetica Neue', Helvetica, Arial, sans-serif;" data-url="http://askubuntu.com/questions/839233/how-can-i-exec-a-network-namespace-ip-netns-inside-an-lxc-container" data-type="yenhancr" data-category="website" data-embed-url="" data-size="medium" dir="ltr"> <a rel="nofollow" target="_blank" href="http://askubuntu.com/questions/839233/how-can-i-exec-a-network-namespace-ip-netns-inside-an-lxc-container" style="text-decoration:none;color:#000;" class="yiv9819321486yahoo-enhancr-cardlink" id="yiv9819321486yui_3_16_0_ym19_1_1476887484144_3631"> <table class="yiv9819321486card-wrapper yiv9819321486yahoo-ignore-table" cellpadding="0" cellspacing="0" border="0" style="max-width:400px;" id="yiv9819321486yui_3_16_0_ym19_1_1476887484144_3630"> <tbody id="yiv9819321486yui_3_16_0_ym19_1_1476887484144_3629"><tr id="yiv9819321486yui_3_16_0_ym19_1_1476887484144_3628"> <td width="400" id="yiv9819321486yui_3_16_0_ym19_1_1476887484144_3627"> <table class="yiv9819321486card yiv9819321486yahoo-ignore-table" cellpadding="0" cellspacing="0" border="0" width="100%" style="max-width:400px;" id="yiv9819321486yui_3_16_0_ym19_1_1476887484144_3626"> <tbody id="yiv9819321486yui_3_16_0_ym19_1_1476887484144_3625"><tr id="yiv9819321486yui_3_16_0_ym19_1_1476887484144_3624"> <td class="yiv9819321486card-primary-image-cell" style="background:#000 url('https://s.yimg.com/vv//api/res/1.2/MSDRvfZ.Vv_fcZX6LZMJNQ--/YXBwaWQ9bWFpbDtmaT1maWxsO2g9MjAwO3c9NDAw/http://cdn.sstatic.net/Sites/askubuntu/img/apple-touch-icon@2.png?v=c492c9229955&a.cf.jpg') no-repeat center center;background-size:cover;height:200px;position:relative;" background="https://s.yimg.com/vv//api/res/1.2/MSDRvfZ.Vv_fcZX6LZMJNQ--/YXBwaWQ9bWFpbDtmaT1maWxsO2g9MjAwO3c9NDAw/http://cdn.sstatic.net/Sites/askubuntu/img/apple-touch-icon@2.png?v=c492c9229955&a.cf.jpg" bgcolor="#000000" valign="top" id="yiv9819321486yui_3_16_0_ym19_1_1476887484144_3623"><!--[if gte mso 9]><v:rect fill="true" stroke="false" style="width:400px;height:218px;position:absolute;top:0;left:0;"><v:fill type="frame" color="#000000" src="https://s.yimg.com/vv//api/res/1.2/MSDRvfZ.Vv_fcZX6LZMJNQ--/YXBwaWQ9bWFpbDtmaT1maWxsO2g9MjAwO3c9NDAw/http://cdn.sstatic.net/Sites/askubuntu/img/apple-touch-icon@2.png?v=c492c9229955&a.cf.jpg"/></v:rect><![endif]-->  <table class="yiv9819321486yahoo-ignore-table" cellpadding="0" cellspacing="0" border="0" style="width:100%;" id="yiv9819321486yui_3_16_0_ym19_1_1476887484144_3622"> <tbody id="yiv9819321486yui_3_16_0_ym19_1_1476887484144_3621"><tr id="yiv9819321486yui_3_16_0_ym19_1_1476887484144_3620"> <td style="background:transparent url('https://s.yimg.com/nq/storm/assets/enhancrV2/12/overlay-tile.png') repeat left top;height:200px;" background="https://s.yimg.com/nq/storm/assets/enhancrV2/12/overlay-tile.png" bgcolor="transparent" valign="top" id="yiv9819321486yui_3_16_0_ym19_1_1476887484144_3619"><!--[if gte mso 9]><v:rect fill="true" stroke="false" style="width:400px;height:218px;position:absolute;top:-18px;left:0;"><v:fill type="pattern" color="#000000" src="https://s.yimg.com/nq/storm/assets/enhancrV2/12/overlay-tile.png"/><v:textbox inset="0,0,20px,0"><![endif]-->  <table class="yiv9819321486yahoo-ignore-table" height="185" style="width:100%;height:185px;min-height:185px;" id="yiv9819321486yui_3_16_0_ym19_1_1476887484144_3618"> <tbody id="yiv9819321486yui_3_16_0_ym19_1_1476887484144_3617"><tr id="yiv9819321486yui_3_16_0_ym19_1_1476887484144_3616"> <td class="yiv9819321486card-richInfo2" style="text-align:left;text-align:left;padding:15px 0 0 15px;vertical-align:top;">  </td> <td class="yiv9819321486card-actions" style="text-align:right;padding:15px 15px 0 0;vertical-align:top;" id="yiv9819321486yui_3_16_0_ym19_1_1476887484144_3615"> <div class="yiv9819321486card-share-container"></div> </td> </tr> </tbody></table><!--[if gte mso 9]></v:textbox></v:rect><![endif]-->  </td> </tr> </tbody></table> </td> </tr> <tr id="yiv9819321486yui_3_16_0_ym19_1_1476887484144_3668"> <td id="yiv9819321486yui_3_16_0_ym19_1_1476887484144_3667"> <table class="yiv9819321486card-info yiv9819321486yahoo-ignore-table" align="center" cellpadding="0" cellspacing="0" border="0" style="background:#fff;position:relative;z-index:2;width:95%;max-width:380px;border:1px solid #e0e4e9;border-bottom:3px solid #000000;margin-top:-40px;margin-left:auto;margin-right:auto;" id="yiv9819321486yui_3_16_0_ym19_1_1476887484144_3666"> <tbody id="yiv9819321486yui_3_16_0_ym19_1_1476887484144_3665"><tr id="yiv9819321486yui_3_16_0_ym19_1_1476887484144_3664"> <td style="background-color:#ffffff;padding:16px 0 16px 12px;vertical-align:top;">  </td> <td style="vertical-align:middle;padding:16px 12px;width:99%;" id="yiv9819321486yui_3_16_0_ym19_1_1476887484144_3663"> <h2 class="yiv9819321486card-title" style="font-size:16px;line-height:19px;margin:0 0 4px 0;font-family:'Helvetica Neue', Helvetica, Arial, sans-serif;">How can I "exec" a network namespace (ip netns) inside an lxc con...</h2>  <div class="yiv9819321486card-description" style="font-size:11px;line-height:15px;color:#999;">I installed an Ubuntu server 16.04. Inside I installed LXD and running an Ubuntu 16.04 container.  Initially, I ...</div> </td> <td style="text-align:right;padding:16px 12px 16px 0;">  </td> </tr> </tbody></table> </td> </tr> </tbody></table> </td> </tr> </tbody></table> </a></div><div id="yiv9819321486yui_3_16_0_ym19_1_1476887484144_3650"><br></div><div id="yiv9819321486yui_3_16_0_ym19_1_1476887484144_3651"><br></div><div id="yiv9819321486yui_3_16_0_ym19_1_1476887484144_3651">Thanks</div></div></div></div><br><br></div>  </div> </div>  </div></div></body></html>