Thanks for your answer.

Concerning the mount ns, I already tried the following commands:

Network-manager launched correctly, but even when back to the normal mount ns, nmcli bound to the new instance of NetworkManager, as if unshare didn't work.

Any idea?

Thanks.

Guy Godfroy

On 06/10/2015 18:16, Lubomir Rintel wrote:
> Hi,
>
> On Wed, 2015-09-30 at 10:42 +0200, Guy Godfroy wrote:
>> Hello,
>>
>> My idea is to allow regular users to establish VPN tunnels on specific
>> network namespaces (netns) via nscli command. So I wonder if
>> network-manager can handle several namespaces and how.
>
> No. We should probably have a proper netns one day, but we're not there yet.
>
>> If not, a solution would be to launch one network-manager instance per
>> netns. But I don't know how to tell nmcli which instance of
>> network-manager to refer to.
>
> If a system dbus is available, NetworkManager acquires a name on a system
> bus and nmcli uses the system bus to talk to it. If there's no system bus
> a private socket is used.
>
> For your namespaced NetworkManager instances you probably want to go with
> the second option. Therefore, in addition to net ns you need to create a
> separate mount ns and mount a private /run instance. That would shadow the
> system-wide dbus socket and NM will use its private socket there. Then
> just run nmcli in the same mount namespace as the daemon.
>
>> Is there a better solution?
>>
>> Thanks for your attention.
>>
>> Guy Godfroy
>
> Lubo
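
Added example, not part of the thread: a shell sketch of the setup described in the quoted reply (new net and mount namespaces, a private /run, the client run inside the daemon's namespaces), plus a check on mountinfo that shows whether a process's /run is a separate, non-propagating mount. Function names and the sample mountinfo lines are constructed; `mount --make-rprivate /` is an added assumption, used so the tmpfs does not propagate back to the host namespace when / is a shared mount.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# Run "$@" in new net + mount namespaces with a private tmpfs on /run, so the
# system D-Bus socket under /run is hidden from it. Needs root.
# make-rprivate keeps the tmpfs from propagating back when / is a shared mount.
run_isolated() {
    unshare --net --mount sh -c \
        'mount --make-rprivate / && mount -t tmpfs tmpfs /run && exec "$@"' \
        sh "$@"
}

# Run a client (e.g. nmcli) in the net + mount namespaces of PID $1. Needs root.
in_ns_of() { pid=$1; shift; nsenter --target "$pid" --net --mount "$@"; }

# Succeed only if PIDs $2 and $3 share the namespace of type $1 (mnt, net).
same_ns() {
    a=$(readlink "/proc/$2/ns/$1") && b=$(readlink "/proc/$3/ns/$1") &&
        [ "$a" = "$b" ]
}

# Read mountinfo (file argument or stdin) and print
# "<dev> <fstype> <private|shared>" for the topmost /run mount, or "none".
run_mount() {
    awk '$5 == "/run" {
             prop = "private"
             for (i = 7; i <= NF && $i != "-"; i++)
                 if ($i ~ /^shared:/) prop = "shared"
             res = $3 " " $(i + 1) " " prop
         }
         END { print (res == "" ? "none" : res) }' "$@"
}

# Constructed mountinfo samples: a host shell and an isolated daemon.
sample_host() { cat <<'EOF'
22 1 8:1 / / rw,relatime shared:1 - ext4 /dev/sda1 rw
23 22 0:20 / /run rw,nosuid shared:5 - tmpfs tmpfs rw,mode=755
EOF
}
sample_daemon() { cat <<'EOF'
80 79 8:1 / / rw,relatime - ext4 /dev/sda1 rw
81 80 0:20 / /run rw,nosuid - tmpfs tmpfs rw,mode=755
95 81 0:45 / /run rw,relatime - tmpfs tmpfs rw
EOF
}
```

On a live system, compare `run_mount /proc/<daemon pid>/mountinfo` with `run_mount /proc/$$/mountinfo`: an isolated daemon shows a different device number and `private`. `same_ns mnt <daemon pid> $$` should fail when the daemon really runs in its own mount namespace.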