On Fri, Jun 22, 2012 at 12:17:28PM +0200, Adrian Reyer wrote:
> as soon as I enable network namespaces with touch
> /etc/vservers/VSNAME/spaces/net, /proc/net/ within the vserver is empty.
> This again breaks ifconfig and dhclient.
I investigated this a bit further.
- The simple trick of bind-mounting a suitable directory on /proc/net
works in a very limited way as /proc/net is a symlink to /proc/self/net
and that way a new PID has the old stuff again.
- /proc/self is not in vprocunhide files, changed this, doesn't help,
other things in /proc/self are visible and have been before. Tried
/proc/self/net as well
- http://lists.openfabrics.org/pipermail/general/2007-January/032102.html
talks about patches to enable /proc/net in network namespaces. The
stuff in there seems not to be contained in the relevant kernel files,
however, those look very different these days and seem to have an
alternate approach implemented.
- Some network namespace post told me about the 'unshare' system call
and I was most happy to find a 'unshare' binary on my host. If I use
this to execute a shell, I get a (fully?) functional /proc/net.
- I searched util-vserver for that unshare system call, there are
similarly named functions, but not named exactly like that and my C is
not good enough to understand the flag stuff there fully.
Atm I assume there is a bug in util-vserver and if it is only using an
old/obsolete approach to enable the namespaces or a collision between
/proc/self/net-hiding and namespaces.
Regards,
Adrian
-- 
LiHAS - Adrian Reyer - Hessenwiesenstraße 10 - D-70565 Stuttgart
Phone: +49 (7 11) 78 28 50 90 - Fax: +49 (7 11) 78 28 50 91
Mail: lihas_at_lihas.de - Web: http://lihas.de
Linux, Networks, Consulting & Support - VAT ID: DE 227 816 626 Stuttgart

Received on Sun Jun 24 09:20:21 2012
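
Added example, not part of the original message and not util-vserver code: a small C program that lists the interfaces visible through /proc/net (the symlink to /proc/self/net mentioned above) before and after calling unshare with CLONE_NEWNET, which is the flag the 'unshare' binary passes for a new network namespace. The function names and SAMPLE_DEV are made up for this illustration, and the unshare call needs CAP_SYS_ADMIN (run as root).

```c
#define _GNU_SOURCE           /* for syscall() under strict -std modes */
#include <linux/sched.h>      /* CLONE_NEWNET */
#include <stdio.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>
/* Constructed sample in /proc/net/dev layout: two header lines, then "name: counters". */
const char SAMPLE_DEV[] =
    "Inter-|   Receive  |  Transmit\n"
    " face |bytes packets|bytes packets\n"
    "    lo: 1200 10 1200 10\n  eth0: 98000 700 45000 300\n";
/* Write the interface names found in text to out as "a,b"; return how many were seen. */
int list_ifaces(const char *text, char *out, size_t outsz)
{
    int n = 0, line = 0;
    out[0] = '\0';
    for (const char *p = text; *p; line++) {
        size_t len = strcspn(p, "\n");
        const char *name = p + strspn(p, " "), *colon = memchr(p, ':', len);
        if (line >= 2 && colon && colon > name) {      /* skip the two header lines */
            size_t used = strlen(out), nl = (size_t)(colon - name);
            if (used + nl + 2 <= outsz)                /* room for ",", name and NUL */
                snprintf(out + used, outsz - used, "%s%.*s", n ? "," : "", (int)nl, name);
            n++;
        }
        p += len + (p[len] == '\n');
    }
    return n;
}

/* Interfaces the calling process sees via /proc/net -> /proc/self/net; -1 if unreadable. */
int current_ifaces(char *out, size_t outsz)
{
    char buf[8192];
    FILE *f = fopen("/proc/net/dev", "r");
    if (!f) { out[0] = '\0'; return -1; }
    buf[fread(buf, 1, sizeof buf - 1, f)] = '\0';
    fclose(f);
    return list_ifaces(buf, out, outsz);
}

int main(void)
{
    char names[512];
    printf("before unshare: %d [%s]\n", current_ifaces(names, sizeof names), names);
    if (syscall(SYS_unshare, CLONE_NEWNET) != 0) { perror("unshare(CLONE_NEWNET)"); return 1; }
    printf("after unshare:  %d [%s]\n", current_ifaces(names, sizeof names), names);
    return 0;
}
```

In a fresh network namespace the second line normally lists only lo; an empty list or -1 at that point means /proc/net is not being populated for the new namespace.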