[lxc-users] Difference in using network namespace via ip command and lxc

Ajith Adapa ajith.adapa at gmail.com
Sat Jun 28 06:44:29 UTC 2014


Thanks @serge for the reply.

So we cannot create a namespace without binding it to a process then?

On Fri, Jun 27, 2014 at 10:49 PM, Serge Hallyn <serge.hallyn at ubuntu.com> wrote:
> Quoting Ajith Adapa (ajith.adapa at gmail.com):
>> Hi,
>>
>> I am quite new to network namespaces and just making my hands dirty
>> using ip command to create network namespaces.
>>
>> As per the man page for ip command
>>
>> "       By convention a named network namespace is an object at
>>        /var/run/netns/NAME that can be opened.  The file descriptor
>>        resulting from opening /var/run/netns/NAME refers to the specified
>>        network namespace.  Holding that file descriptor open keeps the
>>        network namespace alive.  The file descriptor can be used with the
>>        setns(2) system call to change the network namespace associated with
>>        a task."
>>
>> But in case of lxc I am seeing that /var/run/netns is empty.
>>
>> Is there any difference in the behaviour of network namespace in case
>> of lxc container?
>
> The convention is one used by /sbin/ip, not the kernel.
>
> lxc indeed does not use /var/run/netns.  When you use lxc-attach to enter
> a container's netns, lxc goes straight to the /proc/pid/ns/net where pid
> is the container init process' pid.  /sbin/ip cannot count on a process
> being around to pin the namespace, so it makes a bind mount of that file,
> which pins it so that even if there are no tasks in the namespace, the
> namespace is not released.
>
> -serge
> _______________________________________________
> lxc-users mailing list
> lxc-users at lists.linuxcontainers.org
> http://lists.linuxcontainers.org/listinfo/lxc-users
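
The distinction Serge draws above (lxc reaches the namespace through /proc/pid/ns/net and relies on the container's init to keep it alive; /sbin/ip bind-mounts that file under /var/run/netns so the namespace stays pinned with no task inside it) is easy to see from user space, since a namespace is just a file whose nsfs inode identifies it. The following C program is an added illustration written for this archive page; it is not code from lxc, iproute2 or either poster. The function names (`netns_ident`, `same_netns`, `pin_netns`, `enter_netns`) are mine, `/var/run/netns` is the convention quoted from ip-netns(8), and the pinning and entering calls assume CAP_SYS_ADMIN; only the inspection functions run unprivileged.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <sched.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mount.h>
#include <sys/stat.h>
#include <unistd.h>

/* Fallbacks in case the libc headers hide these behind feature macros. */
#ifndef CLONE_NEWNET
#define CLONE_NEWNET 0x40000000
#endif
int setns(int fd, int nstype);

/* Directory /sbin/ip uses by convention (ip-netns(8)); lxc never writes here. */
#define NETNS_DIR "/var/run/netns"

/* Read the "net:[<inode>]" identity the kernel exposes at /proc/<pid>/ns/net.
 * Unprivileged for your own process. Returns 0 on success, -1 on error. */
int netns_ident(const char *nspath, char *buf, size_t buflen)
{
    ssize_t n = readlink(nspath, buf, buflen - 1);
    if (n < 0)
        return -1;
    buf[n] = '\0';
    return 0;
}

/* Open two namespace handles and compare the nsfs inode behind each one.
 * Returns 1 if both refer to the same network namespace, 0 if not, -1 on error. */
int same_netns(const char *path_a, const char *path_b)
{
    struct stat sa, sb;
    int rc = -1;
    int fa = open(path_a, O_RDONLY | O_CLOEXEC);
    if (fa < 0)
        return -1;
    int fb = open(path_b, O_RDONLY | O_CLOEXEC);
    if (fb < 0) {
        close(fa);
        return -1;
    }
    if (fstat(fa, &sa) == 0 && fstat(fb, &sb) == 0)
        rc = (sa.st_dev == sb.st_dev && sa.st_ino == sb.st_ino) ? 1 : 0;
    close(fa);
    close(fb);
    return rc;
}

/* Pin a container's netns the way /sbin/ip does: bind-mount /proc/<pid>/ns/net
 * onto NETNS_DIR/<name>. Afterwards "ip netns exec <name>" works and the namespace
 * survives even if every task inside it exits. Needs CAP_SYS_ADMIN. */
int pin_netns(pid_t pid, const char *name)
{
    char src[64], dst[256];
    snprintf(src, sizeof src, "/proc/%ld/ns/net", (long)pid);
    snprintf(dst, sizeof dst, NETNS_DIR "/%s", name);

    if (mkdir(NETNS_DIR, 0755) < 0 && errno != EEXIST)
        return -1;
    /* Empty placeholder to mount over; O_EXCL refuses to clobber an existing name. */
    int fd = open(dst, O_RDONLY | O_CREAT | O_EXCL | O_CLOEXEC, 0);
    if (fd < 0)
        return -1;
    close(fd);
    if (mount(src, dst, "none", MS_BIND, NULL) < 0) {
        int saved = errno;
        unlink(dst);
        errno = saved;
        return -1;
    }
    return 0;
}

/* Enter a netns from a handle: either /proc/<pid>/ns/net (what lxc-attach uses)
 * or a pinned NETNS_DIR/<name>. Needs CAP_SYS_ADMIN over the target namespace. */
int enter_netns(const char *nspath)
{
    int fd = open(nspath, O_RDONLY | O_CLOEXEC);
    if (fd < 0)
        return -1;
    int rc = setns(fd, CLONE_NEWNET);
    close(fd);
    return rc;
}

int main(int argc, char **argv)
{
    char id[64];
    if (netns_ident("/proc/self/ns/net", id, sizeof id) == 0)
        printf("this process is in %s\n", id);
    if (argc == 3) { /* usage: ./netns_pin <container-init-pid> <name> */
        if (pin_netns((pid_t)atol(argv[1]), argv[2]) < 0) {
            perror("pin_netns");
            return 1;
        }
        printf("pinned pid %s as %s/%s\n", argv[1], NETNS_DIR, argv[2]);
    }
    return 0;
}
```

Run without arguments it only prints the caller's own namespace identity. Given a container init pid and a name it performs the same bind mount /sbin/ip does, which is the manual bridge between the two worlds described in the thread: once pinned, the container's namespace outlives its init and becomes visible to `ip netns`, so anyone relying on "container stopped, namespace gone" should remember to `umount` and remove that entry again.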

