I would like to run a new process (for example an xterm) in another network namespace. This could be done like this:
sudo ip netns exec otherns sudo -u $USER xterm
This command looks a bit complicated and involves running a sudo which runs ip which runs sudo which runs the final xterm.
Is there a more direct way to run a process in a new namespace?
I was thinking of writing my own small (SUID or capability-enabled) binary which switches namespace, restores permissions and user, and runs the command, but shouldn't there already be some standard tool doing exactly that?
This would allow me to simply call something like:
runns otherns xterm
unshare. unshare and the setns system call need the CAP_SYS_ADMIN capability, hence "normal" users are not allowed to switch namespaces.