Hi,
I have a problem creating a namespace from a systemd service. The
service (type oneshot) invokes a shell script containing these two lines:

    ip netns add vpnlink
    iw phy phy0 set netns name vpnlink

Both commands succeed, meaning they do not return an error, and so the
service start is successful. However, the newly created network
namespace is apparently unusable. Invoking the script from a root shell
outside of the systemd service successfully creates the namespace. The
log below illustrates the problem:

root@htpc:~/netsu# ip netns list
root@htpc:~/netsu# ./netsu
root@htpc:~/netsu# ip netns list
vpnlink (id: 0)
root@htpc:~/netsu# ip netns exec vpnlink ip link show
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
4: wlan_usb: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/ether 00:0f:60:06:7f:3b brd ff:ff:ff:ff:ff:ff
root@htpc:~/netsu# ip netns del vpnlink
root@htpc:~/netsu# ip netns list
root@htpc:~/netsu# systemctl restart network-setup.service
root@htpc:~/netsu# systemctl status network-setup.service
● network-setup.service
     Loaded: loaded (/etc/systemd/system/network-setup.service; enabled; preset: disabled)
    Drop-In: /usr/lib/systemd/system/service.d
             └─10-timeout-abort.conf
     Active: active (exited) since Thu 2024-07-18 09:34:55 CEST; 14s ago
    Process: 3320 ExecStart=/root/netsu/netsu (code=exited, status=0/SUCCESS)
   Main PID: 3320 (code=exited, status=0/SUCCESS)
        CPU: 29ms

Jul 18 09:34:55 htpc systemd[1]: Starting network-setup.service...
Jul 18 09:34:55 htpc systemd[1]: Finished network-setup.service.
root@htpc:~/netsu# ip netns list
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
vpnlink
root@htpc:~/netsu# ip netns exec vpnlink ip link show
setting the network namespace "vpnlink" failed: Invalid argument
root@htpc:~/netsu# ip netns del vpnlink

Am I missing something? Of course, the process running the root shell
invoked from the command line is ultimately also a child of systemd,
which is the system's init process.