How to switch from a custom linux network namespace back to the default one

With ip netns exec you can execute a command in a custom network namespace – but is there also a way to execute a command in the default namespace?

For example, after executing these two commands:

sudo ip netns add test_ns
sudo ip netns exec test_ns bash

How can the newly created bash execute programs in the default network namespace? There is no ip netns exec default or anything similar as far as I've found.

My scenario is:

I want to run a SSH server in a separate network namespace (to keep the rest of the system unaware of the network connection, as the system is used for network testing), but want to be able to execute programs in the default network namespace via the SSH connection.

What I've found out so far:

Created network namespaces are listed as files under /var/run/netns (but there is no file for the default namespace)
The ip netns exec code can be found here: http://git.kernel.org/cgit/linux/kernel/git/shemminger/iproute2.git/tree/ip/ipnetns.c#n132 – I haven't grasped everything that it is doing yet, but it doesn't look very promising.
ip netns identify $$ as suggested by Howto query and change network namespace on linux? returns nothing when in the default network namespace

[root@home ~]# unshare -n /bin/bash [root@home ~]# ip a l 1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN group default link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 [root@home ~]# ping google.com ping: unknown host google.com [root@home ~]# nsenter -t 1 -n -- ping -c 2 google.com PING google.com (74.125.230.65) 56(84) bytes of data. 64 bytes from lhr14s23-in-f1.1e100.net (74.125.230.65): icmp_seq=1 ttl=56 time=14.2 ms 64 bytes from lhr14s23-in-f1.1e100.net (74.125.230.65): icmp_seq=2 ttl=56 time=15.0 ms --- google.com ping statistics --- 2 packets transmitted, 2 received, 0% packet loss, time 1001ms rtt min/avg/max/mdev = 14.239/14.621/15.003/0.382 ms [root@home ~]# nsenter -t 1 -n -- ip a l 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: p4p1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 link/ether 10:bf:48:88:50:ee brd ff:ff:ff:ff:ff:ff inet 192.168.1.2/24 brd 192.168.1.255 scope global p4p1 valid_lft forever preferred_lft forever inet6 fe80::12bf:48ff:fe88:50ee/64 scope link valid_lft forever preferred_lft forever [root@home ~]#

Best Answer

Newer distros/kernels support the nsenter command which, should do what you want, providing you are root when you do it.

Here is an example (Fedora 20).

This relies on the setns system call. You need at least a 3.0 kernel and glibc-2.14 for this to work.

RHEL 6.5 provides support for persistent namespaces but not support for moving existing processes into new namespaces.

Best Answer

Related Solutions

Debian – VRF on Linux using network namespaces

How to create permanent linux network namespace

Related Topic