{"id":22350917,"url":"https://github.com/johnae/netns-exec","last_synced_at":"2025-06-27T22:39:32.931Z","repository":{"id":57644544,"uuid":"240673241","full_name":"johnae/netns-exec","owner":"johnae","description":"Very simple command for running a process in a given Linux network namespace","archived":false,"fork":false,"pushed_at":"2020-09-30T21:39:05.000Z","size":24,"stargazers_count":23,"open_issues_count":0,"forks_count":1,"subscribers_count":3,"default_branch":"master","last_synced_at":"2024-11-19T11:19:06.188Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/johnae.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2020-02-15T08:56:03.000Z","updated_at":"2024-09-02T02:17:44.000Z","dependencies_parsed_at":"2022-08-30T05:52:36.537Z","dependency_job_id":null,"html_url":"https://github.com/johnae/netns-exec","commit_stats":null,"previous_names":[],"tags_count":3,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/johnae%2Fnetns-exec","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/johnae%2Fnetns-exec/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/johnae%2Fnetns-exec/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/johnae%2Fnetns-exec/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/johnae","download_url":"https://codeload.github.com/johnae/netns-exec/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":228106596,"owners_count":17870437,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-12-04T12:11:42.369Z","updated_at":"2024-12-04T12:11:42.854Z","avatar_url":"https://github.com/johnae.png","language":"Rust","funding_links":[],"categories":[],"sub_categories":[],"readme":"## NetNS Exec\n\nThis is a super simple command for executing a process within a Linux network namespace. I personally use it to run my whole desktop within a namespace where there's only a [wireguard](https://www.wireguard.com/) interface, but you could use it for other reasons as well.\n\nThe [wireguard](https://www.wireguard.com/) dev himself suggests creating all unencrypted network interfaces (like `eth0` or `wlan0`) together with the wireguard interface within a certain network namespace and then you move the wireguard interface out of there into the `init` (eg. main) network namespace while leaving its socket in the original namespace (together with the unencrypted ones). That way, your `init` network namespace will only have a wireguard interface so everything goes over that interface (and no fiddling with routes etc needed).\nThis is obviously really cool and what you'd probably want to do if you can... unfortunately it can be a bit difficult to make all that work, starting dhcpd, wpa_supplicant or iwd in a different network namespace. So, this instead enables me to run my desktop within a namespace into which I've moved only the wireguard interface, leaving the wlan0 etc. in the `init` namespace.\n\nIf you wish to enter a named network namespace, you must ofc create the network namespace before you can run this command, when you've created it - you can run this like so:\n\n```sh\nnetns-exec \u003cnamespace\u003e cmdline here\n```\n\nA more concrete example would be:\n```sh\nnetns-exec private sway\n```\n\nIt is also possible to enter the network namespace of any process via its pid - for example, entering pid 1:s network namespace would be done like this:\n\n```sh\nnetns-exec 1 bash\n```\n\nThat would get you a bash shell in the network namespace of pid 1 (which basically means the \"main\" or \"global\" network namespace).\n\nFor this to be runnable as a normal user without sudo, you need to set the `setuid` bit (and the executable should be owned by root ofc). As soon as we've switched network namespace (a privileged operation), we drop privileges.","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjohnae%2Fnetns-exec","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjohnae%2Fnetns-exec","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjohnae%2Fnetns-exec/lists"}