[systemd-devel] Systemd-nspawn -- Cannot add interface to container

Marcel Holtmann marcel at holtmann.org
Thu Oct 2 04:06:02 PDT 2014


Hi Lennart,

>>> I'm having another issue with private networking in systemd-nspawn. This one 
>>> I'm not so certain is a bug, but probably some kind of mistake on my part. 
>>> Based on my reading of the systemd-nspawn man page though, I can't figure out 
>>> what the problem is. Basically, all I'm trying to do is remove an interface 
>>> from the host namespace and provide it to the container. Details are included 
>>> below (This is systemd 216-r3 in Arch Linux ARM).
>>> 
>>> [root at host01 ~]# systemd-nspawn --network-interface=wlan0 -M1 -bD 
>>> /home/lanvpn/
>>> Spawning container 1 on /home/lanvpn.
>>> Press ^] three times within 1s to kill container.
>>> Failed to move interface wlan0 to namespace: File exists
>> 
>> Actually, netdev interfaces like wlan0 cannot move into network namespaces by themselves. With wireless hardware, the underlying physical device (for example phy0) needs to move into the namespace. Which means that all netdevs that belong to a specific phyX will move with it into the namespace.
>> 
>> Try using "iw phy <phyname> set netns <pid>" to achieve this.
> 
> Marcel, what does this internally do? Maybe this is something we
> should somehow expose in nspawn as well?

nl80211 is based on generic netlink, so you would need to do a lot just to add simple support for it. Also, for all network interfaces that have complex physical devices as their base (including Bluetooth), it is never that dead simple.

Maybe it would be useful for systemd-nspawn to add an option to call a binary that takes the PID of the first process in the namespace as its first argument. Then you can push additional setup to such a binary.

I am actually hacking around a wireless simulator that could make use of this. Since besides actually moving a wiphy into a namespace, it would also need to set up the simulated pairs of wiphys first. Currently my code duplicates a lot of details that systemd-nspawn is doing already. But wireless-specific details should stay out of systemd in my opinion.

Regards

Marcel
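The workaround Marcel describes, as an added example that is not part of the thread and not systemd's or iw's own code: instead of `--network-interface=wlan0`, which fails because a mac80211 netdev cannot be moved on its own, resolve the wiphy behind the netdev through sysfs (`/sys/class/net/<dev>/phy80211/name`), list every netdev that sits on that wiphy (all of them leave the host namespace together), and hand the whole phy to the container's namespace with `iw phy <phy> set netns <pid>`. Assumptions: the script runs as root on the host, `iw` is installed, the container is already running so its leader PID can be read with `machinectl show -p Leader`, and `SYSFS` is a hypothetical override (defaulting to `/sys`) used so the sysfs lookups can be exercised against a constructed tree. The hook-binary interface Marcel proposes does not exist in nspawn, so the script plays that role by taking the machine name and looking the PID up itself.

```shell
#!/bin/sh
# Added example: move a wiphy (and every netdev on it) into a container's
# network namespace. Not from systemd or iw; SYSFS is an assumed override.
set -e

SYSFS="${SYSFS:-/sys}"

# Resolve the wiphy that owns a netdev. Only nl80211 devices have the
# phy80211 symlink, so a wired device such as eth0 is rejected here.
phy_for_netdev() {
    dev=$1
    f="$SYSFS/class/net/$dev/phy80211/name"
    [ -r "$f" ] || { echo "$dev is not an nl80211 netdev" >&2; return 1; }
    cat "$f"
}

# Every netdev whose phy80211 link points at the given wiphy. All of these
# leave the host namespace when the phy is moved, which is the caveat
# Marcel raises: you cannot take just wlan0 and leave a sibling behind.
netdevs_on_phy() {
    phy=$1
    for f in "$SYSFS"/class/net/*/phy80211/name; do
        [ -r "$f" ] || continue
        if [ "$(cat "$f")" = "$phy" ]; then
            basename "$(dirname "$(dirname "$f")")"
        fi
    done
}

# Leader PID of a running nspawn machine, as reported by machinectl.
machine_leader_pid() {
    machinectl show -p Leader "$1" | sed 's/^Leader=//'
}

# The actual move: iw addresses the target namespace by a PID living in it.
move_phy_to_ns() {
    phy=$1
    pid=$2
    iw phy "$phy" set netns "$pid"
}

# usage: move-wiphy.sh <netdev> <machine-name>
main() {
    dev=$1
    machine=$2
    phy=$(phy_for_netdev "$dev")
    echo "netdevs moving with $phy: $(netdevs_on_phy "$phy" | tr '\n' ' ')"
    pid=$(machine_leader_pid "$machine")
    [ -n "$pid" ] || { echo "machine $machine has no leader PID" >&2; return 1; }
    move_phy_to_ns "$phy" "$pid"
}

if [ "$#" -ge 2 ]; then
    main "$@"
fi
```

Run it after the container is up (`systemd-nspawn -M1 -bD /home/lanvpn/` in the original report, then `./move-wiphy.sh wlan0 1` from the host). Because the phy moves as a unit, check the `netdevs moving with` line before relying on any other interface on the same card from the host.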
