利用setns()将进程加入一个新的network namespace
1、首先使用docker创建一个容器,并获取该容器的network namespace
monster@monster-Z:~$ docker run -itd --name test ubuntu /bin/bash
3926b5b272107843602fae240fdda929c0e5830dbadc0122b10cd8e66cf71f31
monster@monster-Z:~$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
3926b5b27210 ubuntu "/bin/bash" 3 seconds ago Up 2 seconds test
monster@monster-Z:~$ docker inspect --format '{{ .State.Pid }}' test
3656
由上可知,该容器的network namespace在/proc/3656/ns/net
2、启动一个程序,加入该network namespace,并且exec为bash,查看运行效果
程序文件如下所示:
#define _GNU_SOURCE
#include <fcntl.h>
#include <sched.h>
#include <unistd.h>
#include <stdlib.h>
#include <stdio.h>
#define errExit(msg) do { perror(msg); exit(EXIT_FAILURE);\
} while (0)
int
main(int argc, char *argv[]) {
int fd;
if (argc < 3) {
fprintf(stderr, "%s /proc/PID/ns/FILE cmd args...\n", argv[0]);
exit(EXIT_FAILURE);
}
fd = open(argv[1], O_RDONLY); // Get descriptor for namespace
if (fd == -1)
errExit("open");
if (setns(fd, 0) == -1) // Join that namespace
errExit("setns");
execvp(argv[2], &argv[2]); // Execute a command in namspace
errExit("execvp");
}
3、操作步骤如下所示,已经进入了该network namespace
root@monster-Z:/home/monster/TEST/c# ./ns_exec /proc/3656/ns/net /bin/bash
root@monster-Z:/home/monster/TEST/c# ifconfig
eth0 Link encap:Ethernet HWaddr 02:42:ac:11:00:02
inet addr:172.17.0.2 Bcast:0.0.0.0 Mask:255.255.0.0
inet6 addr: fe80::42:acff:fe11:2/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:28 errors:0 dropped:0 overruns:0 frame:0
TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:4324 (4.3 KB) TX bytes:648 (648.0 B)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
浙公网安备 33010602011771号