44

Is there any method in Linux to list all namespaces on the running host? I need to check namespaces for particular processes (e.g. processes running in LXC-container and all other processes on the host) and then find out cgroups of them.

Gilles 'SO- stop being evil'
  • 829,060
zerospiel
  • 1,073

4 Answers4

46

Utilities for working with namespaces have improved since this question was asked in 2013.

lsns from the util-linux package can list all of the different types of namespaces, in various useful formats.

# lsns --help

Usage:
 lsns [options] [<namespace>]

List system namespaces.

Options:
 -J, --json             use JSON output format
 -l, --list             use list format output
 -n, --noheadings       don't print headings
 -o, --output <list>    define which output columns to use
 -p, --task <pid>       print process namespaces
 -r, --raw              use the raw output format
 -u, --notruncate       don't truncate text in columns
 -t, --type <name>      namespace type (mnt, net, ipc, user, pid, uts, cgroup)

 -h, --help     display this help and exit
 -V, --version  output version information and exit

Available columns (for --output):
          NS  namespace identifier (inode number)
        TYPE  kind of namespace
        PATH  path to the namespace
      NPROCS  number of processes in the namespace
         PID  lowest PID in the namespace
        PPID  PPID of the PID
     COMMAND  command line of the PID
         UID  UID of the PID
        USER  username of the PID

For more details see lsns(8).

lsns only lists the lowest PID for each process - but you can use that PID with pgrep if you want to list all processes belonging to a namespace.

e.g. if I'm running gitlab in docker and want to find all the processes running in that namespace, I can:

# lsns  -t pid -o ns,pid,command  | grep gitlab
  4026532661   459 /opt/gitlab/embedded/bin/redis-server 127.0.0.1:0

and, then use that pid (459) with pgrep:

# pgrep --ns 459 -a
459 /opt/gitlab/embedded/bin/redis-server 127.0.0.1:0
623 postgres: gitlab gitlabhq_production [local] idle
[...around 50 lines deleted...]
30172 nginx: worker process

I could also use the namespace id (4026532661) with ps, e.g.:

ps -o pidns,pid,cmd | awk '$1==4026532661'
[...output deleted...]
cas
  • 78,579
3

From ip man page for network name space

ip netns - process network namespace management A network namespace is logically another copy of the network stack, with it's own routes, firewall rules, and network devices.

   By  convention  a   named   network   namespace   is   an   object   at
   /var/run/netns/NAME  that can be opened.  The file descriptor resulting
   from opening /var/run/netns/NAME refers to the specified network names-
   pace.   Holding  that  file descriptor open keeps the network namespace
   alive.  The file descriptor can be used with the setns(2)  system  call
   to change the network namespace associated with a task.

   The  convention for network namespace aware applications is to look for
   global network configuration files first in  /etc/netns/NAME/  then  in
   /etc/.    For   example,   if   you   want   a   different  version  of
   /etc/resolv.conf for a network namespace used to isolate your  vpn  you
   would name it /etc/netns/myvpn/resolv.conf.

For name spaces of other types, maybe there is other ways

c4f4t0r
  • 649
2

Namespace-Lister:

You can use listns.py

Usage: ./listns.py or python2 listns.py

Exploring the system

In the basic/default setup Ubuntu 12.04 and higher provide namespaces for (These namespaces are shown for every process in the system. if you execute as root)

  • ipc for IPC objects and POSIX message queues
  • mnt for filesystem mountpoints
  • net for network abstraction (VRF)
  • pid to provide a separated, isolated process ID number space
  • uts to isolate two system identifiers — nodename and domainname – to be used by uname

The python code

The python code below is listing all non default namespaces in a system. The program flow is

  • Get the reference namespaces from the init process (PID=1). Assumption: PID=1 is assigned to the default namespaces supported by the system
  • Loop through /var/run/netns/ and add the entries to the list
  • Loop through /proc/ over all PIDs and look for entries in /proc//ns/ which are not the same as for PID=1 and add then to the list
  • Print the result

Example:

Example of python2 listns.py output... you can pipe it with sort or edit the script to match your needs

       PID  Namespace             Thread/Command
        --  net:[4026533172]      created by ip netns add qrouter-c33ffc14-dbc2-4730-b787-4747
        --  net:[4026533112]      created by ip netns add qrouter-5a691ed3-f6d3-4346-891a-3b59
       297  mnt:[4026531856]      kdevtmpfs 
      3429  net:[4026533050]**    dnsmasq --no-hosts --no-resolv --strict-order --bind-interfa
      3429  mnt:[4026533108]      dnsmasq --no-hosts --no-resolv --strict-order --bind-interfa
      3486  net:[4026533050]**    /usr/bin/python /usr/bin/neutron-ns-metadata-proxy --pid_fil
      3486  mnt:[4026533107]      /usr/bin/python /usr/bin/neutron-ns-metadata-proxy --pid_fil

Source: github-mirror and article; all credit to Ralf Trezeciak

intika
  • 14,406
  • If this is your script, you should state that. (And in your other answers spamming this script as well). – muru May 16 '19 at 05:34
  • i already linked the source, now i added the name of the developer, i updated the 2 other answers as well, i posted different answer to different questions even if it is linking the same tool, please let me know if i have to update something or delete an answer. – intika May 16 '19 at 05:57
1

Nsutils

Nsutils can list used namespace with nslist, it also does not require root to see user namespaces

Network namespaces:

For network namespace created with ip netns, they can be listed with ip netns list

intika
  • 14,406