ip网络列表中不可见docker网络命名空间 [英] docker networking namespace not visible in ip netns list

问题描述

当我使用

docker run -it -m 560m --cpuset-cpus=1,2 ubuntu sleep 120

并检查其名称空间，我可以看到已经创建了新的名称空间(pid 7047的示例).

and check its namespaces, I can see that new namespaces have been created (example for pid 7047).

root@dude2:~# ls /proc/7047/ns -la
total 0
dr-x--x--x 2 root root 0 Jul  7 12:17 .
dr-xr-xr-x 9 root root 0 Jul  7 12:16 ..
lrwxrwxrwx 1 root root 0 Jul  7 12:17 ipc -> ipc:[4026532465]
lrwxrwxrwx 1 root root 0 Jul  7 12:17 mnt -> mnt:[4026532463]
lrwxrwxrwx 1 root root 0 Jul  7 12:17 net -> net:[4026532299]
lrwxrwxrwx 1 root root 0 Jul  7 12:17 pid -> pid:[4026532466]
lrwxrwxrwx 1 root root 0 Jul  7 12:17 user -> user:[4026531837]
lrwxrwxrwx 1 root root 0 Jul  7 12:17 uts -> uts:[4026532464]
root@dude2:~# ls /proc/self/ns -la

当我使用ip netns list进行检查时，看不到新的网络名称空间.

When I check with ip netns list I cannot see the new net namespace.

dude@dude2:~/docker/testroot$ ip netns list
dude@dude2:~/docker/testroot$ 

知道为什么吗?

推荐答案

这是因为docker并未创建所需的符号链接:

That's because docker is not creating the reqired symlink:

# (as root)
pid=$(docker inspect -f '{{.State.Pid}}' ${container_id})
mkdir -p /var/run/netns/
ln -sfT /proc/$pid/ns/net /var/run/netns/$container_id

然后，可以使用ip netns ${container_id}检查容器的netns命名空间，例如:

Then, the container's netns namespace can be examined with ip netns ${container_id}, e.g.:

# e.g. show stats about eth0 inside the container 
ip netns exec "${container_id}" ip -s link show eth0

这篇关于ip网络列表中不可见docker网络命名空间的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！