How can I switch from a custom linux network namespace back to the default one?

Solution 1:

I found that you can return to the default network namespace with two simple commands:

ln -s /proc/1/ns/net /var/run/netns/default
ip netns exec default ifconfig -a

This method obviously assumes that you can see processes outside your own namespace through the proc file system. If you are in a separate PID namespace as well, returning to the default namespace is not as simple.

The above commands were tested on Ubuntu 14.04. I don't know if there is anything distribution specific about the approach.

Solution 2:

Newer distros/kernels support the nsenter command which, should do what you want, providing you are root when you do it.

Here is an example (Fedora 20).

[root@home ~]# unshare -n /bin/bash
[root@home ~]# ip a l
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN group default 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
[root@home ~]# ping google.com
ping: unknown host google.com
[root@home ~]# nsenter -t 1 -n -- ping -c 2 google.com
PING google.com (74.125.230.65) 56(84) bytes of data.
64 bytes from lhr14s23-in-f1.1e100.net (74.125.230.65): icmp_seq=1 ttl=56 time=14.2 ms
64 bytes from lhr14s23-in-f1.1e100.net (74.125.230.65): icmp_seq=2 ttl=56 time=15.0 ms

--- google.com ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 14.239/14.621/15.003/0.382 ms
[root@home ~]# nsenter -t 1 -n -- ip a l
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: p4p1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 10:bf:48:88:50:ee brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.2/24 brd 192.168.1.255 scope global p4p1
       valid_lft forever preferred_lft forever
    inet6 fe80::12bf:48ff:fe88:50ee/64 scope link 
       valid_lft forever preferred_lft forever
[root@home ~]#

This relies on the setns system call. You need at least a 3.0 kernel and glibc-2.14 for this to work.

RHEL 6.5 provides support for persistent namespaces but not support for moving existing processes into new namespaces.

Tags:

Linux Networking

Network Namespace

Recent Posts