Skip to content
Enter kernel namespaces from Python
Python
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
nsenter
.gitignore
.travis.yml
.zappr.yaml
CONTRIBUTING.rst
LICENSE
MAINTAINERS
MANIFEST.in
README.rst
requirements.txt
setup.py
tests.py
tox.ini

README.rst

NSEnter

Travis CI build status

NSEnter is a Python package that enables you to enter Linux kernel namespaces — mount, IPC, net, PID, user and UTS — with a single, simple "setns" syscall. The command line interface is similar to the nsenter C program.

Project Origins

When working with Docker containers, questions usually arise about how to connect into a running container without starting an explicit SSH daemon (which is considered a bad idea). One way is to use Linux Kernel namespaces, which Docker uses to restrict the view from within containers.

The util-linux package provides the nsenter command line utility, but Ubuntu 16.04 LTS unfortunately does not. Jérôme Petazzoni provides a Docker recipe for nsenter on GitHub, or you can compile nsenter from source. As there is only one simple syscall to enter a namespace, we can do the call directly from within Python using the ctypes module. We bundled this syscall to create NSEnter.

Additional Links

  • "Entering Kernel Namespaces from Python," Zalando Tech blog post
  • On PyPi

Requirements

  • Python 2.6 or higher

Installation

From PyPI:

sudo pip3 install nsenter

From git source:

python3 setup.py install

Usage

Example of command line usage:

docker run -d --name=redis -t redis
sudo nsenter --all --target=`docker inspect --format '{{ .State.Pid }}' redis` /bin/bash

Example of usage from Python:

import subprocess
from nsenter import Namespace

with Namespace(mypid, 'net'):
    # output network interfaces as seen from within the mypid's net NS:
    subprocess.check_output(['ip', 'a'])

# or enter an arbitrary namespace:
with Namespace('/var/run/netns/foo', 'net'):
    # output network interfaces as seen from within the net NS "foo":
    subprocess.check_output(['ip', 'a'])

Development Status

This project works as-is. There are currently no plans to extend it, but if you have an idea please submit an Issue to the maintainers.

License

See file.

You can’t perform that action at this time.