cpns, addns, subns – process namespace manipulation|
cpns [ –x exclude ] [ –o only ] [ –t ] [ –r ] model target|
addns [ –x exclude ] [ –o only ] [ –t ] [ –r ] model target
subns [ –x exclude ] [ –o only ] [ –t ] [ –r ] model target
These scripts require the writable /proc/*/ns kernel mod. They
provide a scripted interface for namespace operations between
processes owned by the user visible at /proc. Both local and remote
processes may be targeted if the target system is running the
correct kernel. See proc(3) for details on ns operations via
All commands take two numeric process IDs as their parameters. They compare the /proc/pid/ns files of model and target processes and generate operations to be written back to the /proc/pid/ns file to modify the namespace of the target process.
cpns copies the namespace of the model process over the namespace of the target process.
addns finds the mounts and binds that exist in the ns of model but not in target and adds those mounts and binds to the namespace of target process.
subns performs the reverse operation; it searches the namespace of target for mounts and binds that do not exist in model and then removes them from the target process.
All scripts share identical flags. –t causes the scripts to run in test mode and print the commands they would issue while taking no other action. –r attempts to make the namespace operations safe for processes making use of rio. It filters out operations which contain the strings /mnt/term /dev/cons or /rio. –x exclude allows the user to specify a string which will be excluded from any of the performed operations. –o only allows the user to specify a string which all namespace operations must include.
Not all namespace commands can be copied literally between processes. It is expected to receive errors from some of the attempted ns operations and the final state of the target's namespace may not precisely mirror the model. In general the error output simply means illegal operations were rejected and not attempted.
The existing Plan 9 software does not expect processes' namespace
to be modified without their knowledge during operation. Modifying
namespace does not break connections to existing file descriptors
so the modifications will not have a noticeable result until new
fds are opened. Modifying namespace arbitrarily is
powerful and flexible enough that it is impossible to sanity–check
all potential operations. Just like cp(1) of files, cpns will
allow you to shoot yourself in the foot. Use of the –t flag is
recommended until you are confident you understand the results
of a given operation.
bind(1), bind(2), mnt(3), proc(3), namespace(4)|
These scripts operate using simple comparison via grep(1) of matching
lines. Namespace structures are more complicated than this because
the meaning of later binds depends on previous mounts and binds.
Better tools should be written which understand the graph/tree
structure of a namespace and how to correctly
build and dissassemble them in full generality.|