netdev.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Naja Melan <najamelan@autistici.org>
To: netdev@vger.kernel.org
Subject: ip netns exec hides mount points from child processes
Date: Wed, 02 Jan 2019 19:01:00 +0000	[thread overview]
Message-ID: <e3493413-38f8-69a3-6ab8-7ce9610a40e9@autistici.org> (raw)

hi,

I have been using network namespaces for a while, mostly with good results. Recently I ran into a problem where the cgroup mount points are missing for software that needs it (runc).

I discovered that ip netns exec creates a mount namespace to bind mount network configuration files. I suppose that not all mount points are propagated to the new mount ns. Is this correct? I'm wondering if this is intended behaviour. 

In my case this is unexpected (man page does not mention hiding mount points) and undesired (breaks software I run in different netns). Is there a way around this problem.

Note that bind mounting network configuration files is not a problem in my case, but currently I loose at least:

- all cgroup mounts
- debugfs
- configfs 
- pstore
- sysfs
- selinuxfs
- securityfs

Is this a bug, if not is there a way to work around this?

Thanks in advance for your consideration
Naja Melan

             reply	other threads:[~2019-01-02 19:22 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-01-02 19:01 Naja Melan [this message]
2019-01-05 19:52 ` ip netns exec hides mount points from child processes Eric W. Biederman
2019-09-18 16:26   ` Naja Melan

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=e3493413-38f8-69a3-6ab8-7ce9610a40e9@autistici.org \
    --to=najamelan@autistici.org \
    --cc=netdev@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).