From 9a175cc2cea75b98fc3c20381f58dcabf24ef529 Mon Sep 17 00:00:00 2001 From: Giuseppe Scrivano Date: Wed, 29 Sep 2021 16:11:06 +0200 Subject: pasta: Allow specifying paths and names of namespaces Based on a patch from Giuseppe Scrivano, this adds the ability to: - specify paths and names of target namespaces to join, instead of a PID, also for user namespaces, with --userns - request to join or create a network namespace only, without entering or creating a user namespace, with --netns-only - specify the base directory for netns mountpoints, with --nsrun-dir Signed-off-by: Giuseppe Scrivano [sbrivio: reworked logic to actually join the given namespaces when they're not created, implemented --netns-only and --nsrun-dir, updated pasta demo script and man page] Signed-off-by: Stefano Brivio --- passt.1 | 30 ++++++++++++++++++++++++------ 1 file changed, 24 insertions(+), 6 deletions(-) (limited to 'passt.1') diff --git a/passt.1 b/passt.1 index d3a5cc5..b21333b 100644 --- a/passt.1 +++ b/passt.1 @@ -12,7 +12,7 @@ [\fIOPTION\fR]... .br .B pasta -[\fIOPTION\fR]... [\fITARGET_PID\fR] +[\fIOPTION\fR]... [\fIPID\fR|\fIPATH\fR|\fINAME\fR] .SH DESCRIPTION 
@@ -56,11 +56,10 @@ or with the \fBqrap\fR(1) wrapper. equivalent functionality to network namespaces, as the one offered by \fBpasst\fR for virtual machines. -If TARGET_PID is given, \fBpasta\fR associates to the user and network namespace -of the corresponding process. Otherwise, \fBpasta\fR creates a new user and -network namespace, and spawns an interactive shell within this context. A -\fItap\fR device within the network namespace is created to provide network -connectivity. +If PID, PATH or NAME are given, \fBpasta\fR associates to an existing user and +network namespace. Otherwise, \fBpasta\fR creates a new user and network +namespace, and spawns an interactive shell within this context. A \fItap\fR +device within the network namespace is created to provide network connectivity. For local TCP and UDP traffic only, \fBpasta\fR also implements a bypass path directly mapping Layer-4 sockets between \fIinit\fR and target namespaces, @@ -357,6 +356,25 @@ Configure UDP port forwarding from target namespace to init namespace. Default is \fBauto\fR. +.TP +.BR \-\-userns " " \fIspec +Target user namespace to join, as path or name (i.e. suffix for --nsrun-dir). If +PID is given, without this option, the user namespace will be the one of the +corresponding process. + +This option requires PID, PATH or NAME to be specified. + +.TP +.BR \-\-netns-only +Join or create only the network namespace, not a user namespace. This is implied +if PATH or NAME are given without \-\-userns. + +.TP +.BR \-\-nsrun-dir " " \fIpath +Directory for nsfs mountpoints, used as path prefix for names of namespaces. + +The default path is shown with --help. + .SH EXAMPLES .SS \fBpasta -- cgit v1.2.3
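Review bot: the synopsis in the @@ -12,7 +12,7 @@ hunk folds PID, PATH and NAME into one positional argument, and nothing in the patch documents how the three are told apart. The page does not say which interpretation wins for an all-digit NAME, or whether a relative PATH without a slash is treated as a NAME. Suggest adding one sentence to DESCRIPTION giving the order in which the argument is interpreted, so a caller can tell in advance which namespace will be joined.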
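Review bot: the rewritten paragraph in the @@ -56,11 +56,10 @@ hunk says that with PID, PATH or NAME "\fBpasta\fR associates to an existing user and network namespace", which contradicts the new \-\-netns-only text stating that it "is implied if PATH or NAME are given without \-\-userns". As written, a reader of DESCRIPTION will expect a user namespace to be joined in the PATH and NAME cases when it is not. Suggest wording it as joining an existing network namespace, plus a user namespace when PID or \-\-userns is given, and likewise qualifying "creates a new user and network namespace" for the \-\-netns-only case. Minor: "If PID, PATH or NAME are given" should read "is given".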
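Review bot: the \-\-nsrun-dir entry in the @@ -357,6 +356,25 @@ hunk defers its default to "The default path is shown with --help", so the man page alone does not tell the reader which directory a NAME or a \-\-userns name resolves against. Suggest stating the default path in the man page itself, and saying under \-\-userns how a spec is classified as path versus name. Style: the body text writes "--nsrun-dir", "--help" and "\-\-netns-only" with unescaped hyphens, while the option tags use "\-\-"; escape them consistently as "\-\-nsrun\-dir", "\-\-help" and "\-\-netns\-only" so they render as minus signs and can be copied from the rendered page.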