Use named namespaces? - Githubissues

hashbang / pam_network_namespace

Linux PAM module to give users their own network namespace

MIT License

5 stars 4 forks source link

Use named namespaces? #1

Open daurnimator opened 8 years ago

daurnimator commented 8 years ago

To make it a named netns:

mkdir("/var/run/netns", 0755) != EEXIST
mount("", "/var/run/netns", "none", MS_REC|MS_SHARED, NULL)
open("/var/run/netns/%s", O_RDONLY|O_CREAT|O_EXCL, 0) = 5
close(5)
mount("/proc/self/ns/net", "/var/run/netns/%s", "proc", MS_BIND, NULL)

Unfortunatly, I think this would lose us automatic cleanup

KellerFuchs commented 8 years ago

What would be the advantage of using a named namespace?

daurnimator commented 8 years ago

What would be the advantage of using a named namespace?

They appear nicely in standard utilities such as ip. Would make it much easier for semi-novice admins to track down which user's network namespace is doing what.

KellerFuchs commented 8 years ago

Also, that would avoid accidentally creating a different netns for each user.