I'm having trouble figuring out how to create a new process namespace once I exit from the one created by unshare. So, for example, I have the following.
unshare -f --mount-proc --mount=/containers/1/ns/mnt --pid=/containers/1/ns/pid
And in another terminal, I enter this namespace.
nsenter --mount=/containers/1/ns/mnt --pid=/containers/1/ns/pid
Once I exit from the shell started by unshare, I can no longer re-enter.
nsenter: fork failed: Cannot allocate memory
I got the following idea from this medium post. But this will create a new process namespace each time, which isn't what I want.
nsenter --mount=/containers/1/ns/mnt unshare -f --mount-proc --pid
I can't get it to work with the pid file and don't understand what the problem is.
sudo nsenter --mount=/containers/1/ns/mnt unshare -f --mount-proc --pid=/containers/1/ns/pid
unshare: cannot stat /proc/11379/ns/mnt: No such file or directory
I tried running nsenter from within the shell started by unshare, but I get the following.
nsenter: reassociate to namespace 'ns/mnt' failed: Invalid argument
Finally, I found a solution that I believe does what I want, but it's awkward and requires creating two processes since the first one is not in the right mount namespace.
# Terminal 1
unshare -f --mount-proc --pid=/containers/1/ns/pid
# Terminal 2
nsenter --mount=/containers/1/ns/mnt --pid=/containers/1/ns/pid unshare -f --mount-proc
I could start all over once I exit the original process namespace and re-run my script to set everything up in the mount namespace, but I would think there would be way to do this without completely starting over each time.