2017-12-07 19:22:34 +00:00
.\" Copyright (c) 2017 by Michael Kerrisk <mtk.manpages@gmail.com>
.\"
.\" %%%LICENSE_START(VERBATIM)
.\" Permission is granted to make and distribute verbatim copies of this
.\" manual provided the copyright notice and this permission notice are
.\" preserved on all copies.
.\"
.\" Permission is granted to copy and distribute modified versions of this
.\" manual under the conditions for verbatim copying, provided that the
.\" entire resulting derived work is distributed under the terms of a
.\" permission notice identical to this one.
.\"
.\" Since the Linux kernel and libraries are constantly changing, this
.\" manual page may be incorrect or out-of-date. The author(s) assume no
.\" responsibility for errors or omissions, or for damages resulting from
.\" the use of the information contained herein. The author(s) may not
.\" have taken the same level of care in the production of this manual,
.\" which is licensed free of charge, as they might when working
.\" professionally.
.\"
.\" Formatted or processed versions of this manual, if unaccompanied by
.\" the source, must acknowledge the copyright and authors of this work.
.\" %%%LICENSE_END
.\"
.\"
iconv.1, bpf.2, copy_file_range.2, fcntl.2, memfd_create.2, mlock.2, mount.2, mprotect.2, perf_event_open.2, pkey_alloc.2, prctl.2, read.2, recvmmsg.2, s390_sthyi.2, seccomp.2, sendmmsg.2, syscalls.2, unshare.2, write.2, errno.3, fgetpwent.3, fts.3, pthread_rwlockattr_setkind_np.3, fuse.4, veth.4, capabilities.7, cgroups.7, ip.7, man-pages.7, namespaces.7, network_namespaces.7, sched.7, socket.7, user_namespaces.7, iconvconfig.8: tstamp
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2018-02-02 06:38:54 +00:00
.TH NETWORK_NAMESPACES 7 2018-02-02 "Linux" "Linux Programmer's Manual"
.SH NAME
network_namespaces \- overview of Linux network namespaces
.SH DESCRIPTION
Network namespaces provide isolation of the system resources associated
with networking: network devices, IPv4 and IPv6 protocol stacks,
IP routing tables, firewall rules, the
.I /proc/net
directory (which is a symbolic link to
.IR /proc/PID/net ),
the
.I /sys/class/net
directory, various files under
.IR /proc/sys/net ,
port numbers (sockets), and so on.
In addition,
network namespaces isolate the UNIX domain abstract socket namespace (see
.BR unix (7)).
.PP
A physical network device can live in exactly one
network namespace.
When a network namespace is freed
(i.e., when the last process in the namespace terminates),
its physical network devices are moved back to the
initial network namespace (not to the parent of the process).
.PP
A virtual network
.RB ( veth (4))
device pair provides a pipe-like abstraction
that can be used to create tunnels between network namespaces,
and can be used to create a bridge to a physical network device
in another namespace.
When a namespace is freed, the
.BR veth (4)
devices that it contains are destroyed.
.PP
Use of network namespaces requires a kernel that is configured with the
.B CONFIG_NET_NS
option.
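.PP
The isolation of the UNIX domain abstract socket namespace described above can be checked without configuring any network device. The following C program is an added example, not part of the original manual page; the function names bind_abstract() and abstract_name_isolated() are hypothetical, and it assumes that the caller is either privileged or allowed to create user namespaces (it returns 0 when the new namespace cannot be created).

```c
#include <errno.h>
#include <linux/sched.h>
#include <stddef.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/syscall.h>
#include <sys/un.h>
#include <sys/wait.h>
#include <unistd.h>

/* Bind a UNIX socket to an abstract name (sun_path[0] == '\0', see unix(7)).
   Returns the socket fd, or -1 with errno set (EADDRINUSE if name is taken). */
int bind_abstract(const char *name)
{
    struct sockaddr_un sa = { .sun_family = AF_UNIX };
    size_t n = strlen(name);
    if (n > sizeof(sa.sun_path) - 1) { errno = ENAMETOOLONG; return -1; }
    memcpy(sa.sun_path + 1, name, n);
    int fd = socket(AF_UNIX, SOCK_STREAM, 0);
    if (fd == -1) return -1;
    socklen_t len = offsetof(struct sockaddr_un, sun_path) + 1 + n;
    if (bind(fd, (struct sockaddr *)&sa, len) == -1) {
        int e = errno; close(fd); errno = e; return -1;
    }
    return fd;
}

/* 1: a child in a new network namespace could bind a name the parent holds
      (isolation confirmed); -1: the name was still in use there;
   0: not testable (namespace creation refused, e.g. no privilege). */
int abstract_name_isolated(const char *name)
{
    int held = bind_abstract(name);      /* parent keeps the name bound */
    if (held == -1) return 0;
    pid_t pid = fork();
    if (pid == 0) {
        /* Raw unshare(2); CLONE_NEWUSER lets an unprivileged caller do this. */
        if (syscall(SYS_unshare, CLONE_NEWUSER | CLONE_NEWNET) == -1 &&
            syscall(SYS_unshare, CLONE_NEWNET) == -1)
            _exit(2);
        _exit(bind_abstract(name) >= 0 ? 0 : errno == EADDRINUSE ? 1 : 2);
    }
    int status = 0;
    int ok = pid != -1 && waitpid(pid, &status, 0) == pid && WIFEXITED(status);
    close(held);
    if (!ok || WEXITSTATUS(status) == 2) return 0;
    return WEXITSTATUS(status) == 0 ? 1 : -1;
}
```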
.\" FIXME .SH EXAMPLE
.SH SEE ALSO
.BR nsenter (1),
.BR unshare (1),
.BR clone (2),
.BR veth (4),
.BR proc (5),
.BR sysfs (5),
.BR namespaces (7),
.BR user_namespaces (7),
.BR brctl (8),
.BR ip (8),
.BR ip-address (8),
.BR ip-link (8),
.BR ip-netns (8),
.BR iptables (8),
.BR ovs-vsctl (8)