Thanks for your answer.
Concerning the mount ns, I already tried the following commands:

    $> ip netns add somens
    $> ip netns exec somens ip link add type dummy
    $> unshare --mount
    $> mount -t tmpfs nodev /var/run/dbus
    $> ip netns exec behemoth NetworkManager
    $> nmcli d

Network-manager launched correctly, but even when back in the normal
mount ns, nmcli bound to the new instance of NetworkManager, as if
unshare didn't work.
Any idea?

Thanks.

Guy Godfroy

On 06/10/2015 18:16, Lubomir Rintel wrote:
> Hi,
>
> On Wed, 2015-09-30 at 10:42 +0200, Guy Godfroy wrote:
>> Hello,
>>
>> My idea is to allow regular users to establish VPN tunnels on
>> specific
>> network namespaces (netns) via nscli command.
>> So I wonder if network-manager can handle several namespaces and how.
> No. We should probably have a proper netns one day, but we're not there
> yet.
>
>> If not, a solution would be to launch one network-manager instance
>> per
>> netns. But I don't know how to tell to nmcli which instance of
>> network-manager to refer to.
> If a system dbus is available, NetworkManager acquires a name on a
> system bus and nmcli uses the system bus to talk to it. If there's no
> system bus a private socket is used. For your namespaced NetworkManager
> instances you probably want to go with the second option.
>
> Therefore, in addition to net ns you need to create a separate mount ns
> and mount a private /run instance. That would shadow the system-wide
> dbus socket and NM will use its private socket there. Then just run
> nmcli in the same mount namespace as the daemon.
>
>> Is there a better solution?
>> Thanks for your attention.
>>
>> Guy Godfroy
> Lubo

_______________________________________________
networkmanager-list mailing list
[email protected]
https://mail.gnome.org/mailman/listinfo/networkmanager-list
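
Added example, not part of the original messages: a shell check for the setup discussed in this thread. It reports whether two processes (for instance the namespaced NetworkManager and the shell that runs nmcli) share mount and network namespaces, and whether each one can see the system bus socket. The function names and the socket path `/var/run/dbus/system_bus_socket` are assumptions (the conventional location, overridable through `BUS_SOCKET`).

```shell
#!/bin/sh
# Added example: compare the namespaces of two processes through /proc.
# Assumption: the system bus socket sits at the conventional path below.
BUS_SOCKET="${BUS_SOCKET:-/var/run/dbus/system_bus_socket}"

# ns_id TYPE PID -> prints the namespace identity, e.g. "mnt:[4026531840]"
ns_id() {
    readlink "/proc/$2/ns/$1"
}

# same_ns TYPE PID_A PID_B -> exit 0 if both PIDs are in the same namespace,
# 1 if they differ, 2 if either link cannot be read (no such PID, no rights)
same_ns() {
    a=$(ns_id "$1" "$2") || return 2
    b=$(ns_id "$1" "$3") || return 2
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# sees_system_bus PID -> exit 0 if the socket exists in PID's mount namespace.
# /proc/PID/root resolves paths as that process sees them.
sees_system_bus() {
    [ -S "/proc/$1/root$BUS_SOCKET" ]
}

# report DAEMON_PID CLIENT_PID -> one line per check
report() {
    for t in mnt net; do
        if same_ns "$t" "$1" "$2"; then
            echo "$t: shared"
        else
            echo "$t: different (or unreadable)"
        fi
    done
    for p in "$1" "$2"; do
        if sees_system_bus "$p"; then
            echo "pid $p: system bus socket visible"
        else
            echo "pid $p: system bus socket shadowed or absent"
        fi
    done
}

# Usage: sh nscheck.sh "$(pidof NetworkManager)" $$
if [ "$#" -eq 2 ]; then report "$1" "$2"; fi
```

Reading another user's `/proc/PID/ns` and `/proc/PID/root` entries requires root. A daemon that still reports the system bus socket as visible has not had it shadowed by the private mount.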
