I want to write a udev rule (ACTION=add) that will create a new network namespace, move the newly added device to it and exec some commands inside it.

I was using iproute2 to do so (inside the rule):

ip netns add device-interface-name                       # this is the step that needs mount(2)
ip netns exec device-interface-name echo "hello world!"  # command and its arguments as separate words, not one quoted string

We can find pretty easily in the iproute2 source code that most of the netns code uses the mount syscall. Cf: https://github.com/iproute2/iproute2/blob/main/ip/ipnetns.c.

However, as stated in the udev manpage, we cannot use mount inside udev rules.

           Note that running programs that access the network or
           mount/unmount filesystems is not allowed inside of udev
           rules, due to the default sandbox that is enforced on
           systemd-udevd.service.

The note seems pretty clear, but I really wanted to be able to do so, or at least have a better understanding of why not.

  • ip netns add device-interface-name? Do you have some misunderstanding in how ip netns works (or even how netns works in general)? Have you ever read the man page of it? Commented Jul 12, 2024 at 16:50
  • Sorry, it might be unclear. I know how to properly use the basics of network namespaces. The problem is that ip netns add fails inside the udev rule because it cannot mount (Operation not permitted) Commented Jul 15, 2024 at 6:20
  • You can / should write a systemd service instead, which can be pulled by the device unit of the NIC. (I never bothered to check whether networkd can be used for this kind of task.) Commented Jul 15, 2024 at 6:29
  • Thank you for your quick response. I will work on that. Commented Jul 16, 2024 at 7:47
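The approach suggested in the last comment (do the namespace work in a systemd service that the NIC's device unit pulls in, rather than in the udev rule itself), worked through as an added example. This is not code from the question, from iproute2 or from systemd; the file names, the netns-nic@.service template, the ns-<ifname> namespace naming and the KERNEL=="enx*" match are assumptions chosen for the example. The udev rule only tags the interface with SYSTEMD_WANTS; the "ip netns add" (a bind mount of /proc/self/ns/net under /run/netns) then runs under the service's own unit settings, not under the sandbox that the manpage note describes for systemd-udevd.service.

```shell
#!/bin/sh
# Added example, not from the original question. udev itself only tags the
# NIC with SYSTEMD_WANTS; the actual "ip netns add" (a bind mount of
# /proc/self/ns/net under /run/netns) runs in netns-nic@<ifname>.service,
# i.e. under that unit's own settings, not under systemd-udevd's sandbox.
# Assumed names: 90-netns-nic.rules, netns-nic@.service,
# /usr/local/sbin/netns-nic-setup, namespace "ns-<ifname>", KERNEL=="enx*".

# udev rule. $name is the interface's final name (after any rename by
# 80-net-setup-link.rules, which sorts before this file), the same
# substitution systemd's own 99-systemd.rules uses for its sysctl call.
netns_nic_rule() {
    cat <<'EOF'
SUBSYSTEM=="net", ACTION=="add", KERNEL=="enx*", TAG+="systemd", ENV{SYSTEMD_WANTS}+="netns-nic@$name.service"
EOF
}

# Template unit. Deliberately no BindsTo= on the device unit: once the NIC
# is moved out of the initial namespace it disappears from that namespace's
# sysfs, so sys-subsystem-net-devices-<ifname>.device goes inactive and a
# BindsTo= would immediately stop the service and undo the move.
netns_nic_unit() {
    cat <<'EOF'
[Unit]
Description=Isolate %I in network namespace ns-%I
After=sys-subsystem-net-devices-%i.device

[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/usr/local/sbin/netns-nic-setup %i
ExecStop=/usr/local/sbin/netns-nic-setup --teardown %i
EOF
}

# The script the unit runs: create the namespace, move the NIC, run commands.
netns_nic_script() {
    cat <<'EOF'
#!/bin/sh
# Usage: netns-nic-setup [--teardown] <ifname>
set -eu
teardown=0
if [ "${1:-}" = "--teardown" ]; then teardown=1; shift; fi
iface=${1:?interface name required}
ns="ns-$iface"
if [ "$teardown" -eq 1 ]; then
    # give the NIC back to the initial namespace (pid 1's), then drop the
    # netns; ignore the move failing if the NIC is already gone (hot-unplug)
    ip -n "$ns" link set dev "$iface" netns 1 2>/dev/null || true
    ip netns delete "$ns"
    exit 0
fi
# idempotent: "ip netns add" fails with EEXIST on a restart of the unit
[ -e "/run/netns/$ns" ] || ip netns add "$ns"
ip link set dev "$iface" netns "$ns"
ip -n "$ns" link set dev lo up
ip -n "$ns" link set dev "$iface" up
# the command and its arguments are separate words, not one quoted string
ip netns exec "$ns" echo "hello world! from $ns"
EOF
}

# Write the three files under $1 (empty means the real filesystem). Pass a
# scratch directory to inspect the generated files without touching the system.
install_netns_nic() {
    root=${1:-}
    mkdir -p "$root/etc/udev/rules.d" "$root/etc/systemd/system" "$root/usr/local/sbin"
    netns_nic_rule   > "$root/etc/udev/rules.d/90-netns-nic.rules"
    netns_nic_unit   > "$root/etc/systemd/system/netns-nic@.service"
    netns_nic_script > "$root/usr/local/sbin/netns-nic-setup"
    chmod 0755 "$root/usr/local/sbin/netns-nic-setup"
}

if [ "${1:-}" = "--install" ]; then
    install_netns_nic "${2:-}"
fi
```

After installing on a real system, run `udevadm control --reload` and `systemctl daemon-reload`, then plug the NIC in (or `udevadm trigger --action=add --subsystem-match=net`). Interface names containing characters that systemd escapes in unit names (a "-", for instance) need a systemd-escape'd instance name, so the plain `netns-nic@$name.service` form in the rule is only right for names like enx001122334455. The sandboxing the manpage note refers to can be read directly from `systemctl cat systemd-udevd.service`; the service above does not inherit any of it.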
