netns icon indicating copy to clipboard operation
netns copied to clipboard

Published 20 hours ago verified publisher icon vishvananda

Failed to get namespace using GetFromDocker

Open sbezverk opened this issue 6 years ago • 3 comments

Hello, when I try to get namespace from a docker container by its id function call fails with:

2018/07/18 13:13:08 Failed to get Linux namespace for pod default/pod-1 with error: Unable to find 
container: d64735b6ad2c77732b62b293c7573a591b6fec4bb47df525b813b3ac4f04b732

But if I run docker inspect for this ID docker finds this container. Anything I am doing wrong?

[root@kube-3 ~]# docker inspect d64735b6ad2c77732b62b293c7573a591b6fec4bb47df525b813b3ac4f04b732
[
    {
        "Id": "d64735b6ad2c77732b62b293c7573a591b6fec4bb47df525b813b3ac4f04b732",
        "Created": "2018-07-18T15:00:15.785074265Z",
        "Path": "/bin/sh",
        "Args": [
            "-xec",
            "while true; do ( echo \"Doing nothing\"; sleep 30; ) done\n"
        ],
        "State": {
            "Status": "running",
            "Running": true,
            "Paused": false,
            "Restarting": false,
            "OOMKilled": false,
            "Dead": false,
            "Pid": 29842,
            "ExitCode": 0,
            "Error": "",
            "StartedAt": "2018-07-18T15:00:15.918309182Z",
            "FinishedAt": "0001-01-01T00:00:00Z"
        },

sbezverk avatar Jul 18 '18 17:07 sbezverk

You should be able to use GetFromPath instead of GetFromDocker. Have a look at https://github.com/vishvananda/netns/blob/master/netns_linux.go:

// GetFromPath gets a handle to a network namespace
// identified by the path
func GetFromPath(path string) (NsHandle, error) {
	fd, err := syscall.Open(path, syscall.O_RDONLY, 0)
	if err != nil {
		return -1, err
	}
	return NsHandle(fd), nil
}

You should be able to get the namespace from /var/run/docker/netns. You can also do ln -s /var/run/docker/netns /var/run/netns and use GetFromName but that just calls GetFromPath in the background, but this is good only if you desire to also be able to control the network namespaces with ip netns (for example if you also run some bash commands on the netns)

g00nix avatar Jun 08 '19 10:06 g00nix

You should be able to get the namespace from /var/run/docker/netns. You can also do ln -s /var/run/docker/netns /var/run/netns and use GetFromName but that just calls GetFromPath in the background, but this is good only if you desire to also be able to control the network namespaces with ip netns (for example if you also run some bash commands on the netns)

My Docker version uses the Docker network sandbox id as identifiers in /var/run/docker/netns. This is not the same as the container id.

E.g.

CONTAINER="my_container"
SANDBOX_ID=$(docker inspect ${CONTAINER} | jq .[0].NetworkSettings.SandboxID[:12])
NETNS=/var/run/docker/netns/${SANDBOX_ID}

stv0g avatar Oct 11 '21 23:10 stv0g

Seems like the following is easier

CONTAINER="my_container"
PID=$(docker inspect ${CONTAINER} | jq .[0].State.Pid)
NETNS=/proc/${PID}/ns/net

stv0g avatar Oct 11 '21 23:10 stv0g