I tried this sequence on a variety of machines:
# ip link add marty-host type veth peer name marty-newns
# lxc-unshare -s "NETWORK|PID|MOUNT|UTSNAME" -M -H marty -i marty-newns /bin/sh
# RTNETLINK answers: No such process
lxc-unshare: tools/lxc_unshare.c: main: 423 No such file or directory - Could not move interface "marty-newns" into container 9505
On Ubuntu 14.04 it worked as expected.
On Ubuntu 18.04 and Ubuntu 20.04, it gave the above output (and made the machine
unstable). I saw this on both Ubuntu 18.04 and 20.04:
# exit
/bin/sh: 2: Cannot set tty process group (No such process)
root@vostro:/home/leisner# exit
exit
leisner@vostro:~$ df
df: cannot read table of mounted file systems: No such file or directory
In lxc_unshare.c (this is 4.06; it happens in 4.02 and 3.03 too) this code looks very strange:
399     lxc_list_for_each(iterator, &ifnames) {
400         ifname = iterator->elem;
401         if (!ifname)
402             continue;
403
404         lpid = fork();
405         if (lpid < 0) {
406             SYSERROR("Failed to move network device \"%s\" to network namespace",
407                      ifname);
408             continue;
409         }
410
411         if (lpid == 0) {
412             char buf[256];
413
414             ret = snprintf(buf, 256, "%d", lpid);
415             if (ret < 0 || ret >= 256)
416                 _exit(EXIT_FAILURE);
417
418             execlp("ip", "ip", "link", "set", "dev", ifname, "netns", buf, (char *)NULL);
419             _exit(EXIT_FAILURE);
420         }
421
422         if (wait_for_pid(lpid) != 0)
423             SYSERROR("Could not move interface \"%s\" into container %d",
424                      ifname, lpid);
425     }
426
buf HAS to be the string "0" -- and it is passed to ip as a "netns name". I had a problem since I
don't fully understand why lxc can use container names and PIDs, but name network namespace names... it seems buf should/can be replaced above by "0" -- but it still doesn't work.
And I'm very concerned it makes machines unstable (I tried it on Linux 5.4 and 5.8). Ubuntu 14.04 (lxc 1.0.10).
marty
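An added example (not lxc code) that reproduces the fork/snprintf pattern from the snippet above: the helper child sends back, over a pipe, the string it would hand to `ip ... netns`, once formatting lpid as the snippet does and once formatting the container pid the parent already knows. The pid value 9505 is taken from the error message in the report and used only as sample input; the function and variable names are assumptions for the example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Fork a helper the way lxc_unshare.c does and read back, over a pipe, the
 * string it would hand to "ip link set dev <if> netns <arg>".
 * use_fork_rv != 0 formats lpid, fork()'s return value, as the snippet above
 * does; use_fork_rv == 0 formats container_pid, which the parent knows.
 * Returns the number the helper would pass, or -1 if the helper failed. */
long netns_arg_seen_by_helper(pid_t container_pid, int use_fork_rv)
{
	int fds[2], status;
	char out[32];
	if (pipe(fds) < 0)
		return -1;
	pid_t lpid = fork();
	if (lpid < 0)
		return -1;
	if (lpid == 0) {
		char buf[256];
		/* Inside the child fork() returned 0, so lpid is 0 here. */
		pid_t value = use_fork_rv ? lpid : container_pid;
		int ret = snprintf(buf, sizeof buf, "%d", (int)value);
		close(fds[0]);
		if (ret < 0 || ret >= (int)sizeof buf)
			_exit(EXIT_FAILURE);
		if (write(fds[1], buf, (size_t)ret) != ret)
			_exit(EXIT_FAILURE);
		_exit(EXIT_SUCCESS);
	}
	close(fds[1]);
	ssize_t n = read(fds[0], out, sizeof out - 1);
	close(fds[0]);
	if (waitpid(lpid, &status, 0) < 0 || n <= 0)
		return -1;
	if (!WIFEXITED(status) || WEXITSTATUS(status) != 0)
		return -1;
	out[n] = '\0';
	return strtol(out, NULL, 10);
}

int main(void)
{
	/* 9505 is the container pid from the report, used as constructed input */
	printf("helper passes netns %ld (as in snippet) vs %ld (container pid)\n",
	       netns_arg_seen_by_helper(9505, 1), netns_arg_seen_by_helper(9505, 0));
	return 0;
}
```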