netns-exec/README.md

netns-exec
==========

Runs command in Linux network namespace as a normal user. Does
essentially the same as `sudo ip netns exec <netns> sudo -u "$USER"
<command>`, but doesn't require sudo privileges or password.

This is a simple suid root program built around the code of `ip netns
exec` command of [iproute2] utility suite. The iproute2 source is
embedded in this git repository as a submodule.


Usage
-----

Run command:

    netns-exec [--] <netns> <command> <args>...

Start shell:

    netns-exec [--] <netns>

Show help:

    netns-exec -h
    netns-exec --help

If you have problems with D-Bus, use `netns-exec-dbus` instead of
`netns-exec`. It takes the same parameters. See below for explanation.


D-Bus proxy
-----------

D-Bus doesn't work inside the network namespace if the D-Bus daemon is
using an abstract Unix domain socket. The script `netns-exec-dbus`
enables the use of D-Bus by creating a simple proxy that listens on a
regular Unix domain socket, which works across namespaces. It uses
[socat], which must be installed and in `$PATH`. It starts the command
with the environment variable `DBUS_SESSION_BUS_ADDRESS` set to point
to the proxy socket, which should make the program use the proxy
socket. The proxy is only started when necessary, and it and its
socket are automatically destroyed after the command terminates.


Building and installing
-----------------------

    git submodule update --init
    make
    sudo make install


Security note
-------------

This program is installed as suid root. Normally, only root can
execute anything in a different network namespace. This program
intentionally bypasses this restriction and should not be installed in
a machine where this is a problem.


[iproute2]: http://www.linuxfoundation.org/collaborate/workgroups/networking/iproute2
[socat]: http://www.dest-unreach.org/socat/
Add license and README 8 years ago			`netns-exec`
			`==========`

			`Runs command in Linux network namespace as a normal user. Does`
			essentially the same as `sudo ip netns exec <netns> sudo -u "$USER"
			<command>`, but doesn't require sudo privileges or password.

			This is a simple suid root program built around the code of `ip netns
			exec` command of [iproute2] utility suite. The iproute2 source is
			`embedded in this git repository as a submodule.`


			`Usage`
			`-----`

			`Run command:`

			`netns-exec [--] <netns> <command> <args>...`

			`Start shell:`

			`netns-exec [--] <netns>`

			`Show help:`

			`netns-exec -h`
			`netns-exec --help`

Add D-Bus proxy 8 years ago			If you have problems with D-Bus, use `netns-exec-dbus` instead of
			`netns-exec`. It takes the same parameters. See below for explanation.


			`D-Bus proxy`
			`-----------`

			`D-Bus doesn't work inside the network namespace if the D-Bus daemon is`
			using an abstract Unix domain socket. The script `netns-exec-dbus`
			`enables the use of D-Bus by creating a simple proxy that listens on a`
			`regular Unix domain socket, which works across namespaces. It uses`
			[socat], which must be installed and in `$PATH`. It starts the command
			with the environment variable `DBUS_SESSION_BUS_ADDRESS` set to point
			`to the proxy socket, which should make the program use the proxy`
			`socket. The proxy is only started when necessary, and it and its`
			`socket are automatically destroyed after the command terminates.`

Add license and README 8 years ago
			`Building and installing`
			`-----------------------`

			`git submodule update --init`
			`make`
			`sudo make install`


			`Security note`
			`-------------`

			`This program is installed as suid root. Normally, only root can`
			`execute anything in a different network namespace. This program`
			`intentionally bypasses this restriction and should not be installed in`
			`a machine where this is a problem.`


			`[iproute2]: http://www.linuxfoundation.org/collaborate/workgroups/networking/iproute2`
Add D-Bus proxy 8 years ago			`[socat]: http://www.dest-unreach.org/socat/`