[systemd-devel] namespace problem

Thomas Köller thomas at koeller.dyndns.org
Thu Jul 18 07:43:35 UTC 2024 

Hi,

I have a problem creating a namespace from a systemd service. The 
service (type oneshot) invokes a shell script containing these two lines:

     ip netns add vpnlink
     iw phy phy0 set netns name vpnlink

Both commands succeed, meaning they do not return an error, and so the 
service start is successful. However, the newly created network 
namespace is apparently unusable. Invoking the script from a root shell 
outside of the systemd service successfully creates the namespace. The 
log below illustrates the problem:

root at htpc:~/netsu# ip netns list
root at htpc:~/netsu# ./netsu
root at htpc:~/netsu# ip netns list
vpnlink (id: 0)
root at htpc:~/netsu# ip netns exec vpnlink ip link show
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN mode DEFAULT group 
default qlen 1000
     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
4: wlan_usb: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode 
DEFAULT group default qlen 1000
     link/ether 00:0f:60:06:7f:3b brd ff:ff:ff:ff:ff:ff
root at htpc:~/netsu# ip netns del vpnlink
root at htpc:~/netsu# ip netns list
root at htpc:~/netsu# systemctl restart network-setup.service
root at htpc:~/netsu# systemctl status network-setup.service
● network-setup.service
      Loaded: loaded (/etc/systemd/system/network-setup.service; 
enabled; preset: disabled)
     Drop-In: /usr/lib/systemd/system/service.d
              └─10-timeout-abort.conf
      Active: active (exited) since Thu 2024-07-18 09:34:55 CEST; 14s ago
     Process: 3320 ExecStart=/root/netsu/netsu (code=exited, 
status=0/SUCCESS)
    Main PID: 3320 (code=exited, status=0/SUCCESS)
         CPU: 29ms

Jul 18 09:34:55 htpc systemd[1]: Starting network-setup.service...
Jul 18 09:34:55 htpc systemd[1]: Finished network-setup.service.
root at htpc:~/netsu# ip netns list
Error: Peer netns reference is invalid.
Error: Peer netns reference is invalid.
vpnlink
root at htpc:~/netsu# ip netns exec vpnlink ip link show
setting the network namespace "vpnlink" failed: Invalid argument
root at htpc:~/netsu# ip netns del vpnlink

Am I missing something? Of course, the process running the root shell 
invoked from the command line is ultimately also a child of systemd, 
which is the system's init process.

More information about the systemd-devel mailing list