nsdo (network namespace do) is a simple C program that runs a command
inside a given Linux network namespace.
Effectively, it simplifies:
$ sudo ip netns exec myns sudo -u $USER myprogram
to
$ nsdo myns myprogram
Thanks to the magic of the setuid bit, it initially has root
privileges, which allows it to change its own network namespace,
setuid() to the user who ran the command, and then exec() the
requested command.
If you're on Arch, you can build my AUR package.
Otherwise:
$ make
# make install
To change the default installation directory of /usr/local, set PREFIX
to something else when you call make install.
I wrote this program because I run some applications under a VPN (e.g., clients for peer-to-peer protocols) and leave others untouched (like a game client).
For more details, see my blog post on the subject.
nsdo(1) General Commands Manual nsdo(1)
NAME
nsdo - run a command in a network namespace
SYNOPSIS
nsdo namespace command [args ...]
nsdo { --version | -V }
DESCRIPTION
Execute command as the current user/group in namespace, a
Linux network namespace set up with iproute2 (see
ip-netns(8)).
By default, iproute2 places network namespaces in
/var/run/netns/, so nsdo searches for namespaces there
(including namespace). To prevent command from easily
escaping the namespace 'jail,' nsdo will exit if the
current namespace exists in that directory. Consequently, you
cannot nest instances of nsdo.
OPTIONS
--version, -V
Instead of running a command, print nsdo's version
and exit.
SEE ALSO
ip(8), ip-netns(8), namespaces(7), nsenter(1)
2016-01-23 nsdo(1)