2016-08-16 | openvpn-example: Move OpenVPN article to my blog (HEAD, master) | Austin Adams
As I noted back in f1f56a7ae6, I originally wrote the article on assigning OpenVPN instances to network namespaces as a blog post. So now that I've finally set up a blog and posted the article there, remove the duplicate copy in this repository and provide links to the new post. Honestly, because the article can stand on its own as a guide (i.e., it doesn't require nsdo), it never belonged in the nsdo repository in the first place. The only benefit I see is that GitHub has a much higher PageRank than my blog does, meaning my blog will probably show up much later (if at all) on Google search results. But oh well.
2016-07-30 | README: Add changes to readme.head from 8326e8d3 | Austin Adams
In 8326e8d3, I mistakenly modified README.md directly instead of generating it by changing readme.head and running the Makefile. So copy over my changes to readme.head.
2016-07-29 | Don't leak netns fd to exec()'d process | Austin Adams
Pass O_CLOEXEC to open() to prevent the exec()'d process from inheriting the file descriptor of the netns in /var/run/netns. Example of current leaky behavior:

    $ nsdo foo ls -l /proc/self/fd/
    total 0
    lrwx------ 1 austin austin 64 Jul 29 20:44 0 -> /dev/pts/21
    lrwx------ 1 austin austin 64 Jul 29 20:44 1 -> /dev/pts/21
    lrwx------ 1 austin austin 64 Jul 29 20:44 2 -> /dev/pts/21
    lr-x------ 1 austin austin 64 Jul 29 20:44 3 -> /run/netns/foo <-- !
    lr-x------ 1 austin austin 64 Jul 29 20:44 4 -> /proc/12307/fd
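An added illustration of the fix described in the commit above, not taken from the commit or the nsdo source: it opens a file with and without O_CLOEXEC, then fork()s and exec()s /bin/sh to test whether the descriptor is still open in the new program. /dev/null stands in for /run/netns/foo so no root is needed, and the helper names are hypothetical.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE            /* exposes O_CLOEXEC on strict compilers */
#endif
#include <fcntl.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Stand-in (assumption) for /run/netns/<name>; opening it needs no root. */
#define NS_PATH "/dev/null"

/* 1 if FD_CLOEXEC is set on fd, 0 if it is not, -1 on error. */
int has_cloexec(int fd)
{
    int flags = fcntl(fd, F_GETFD);
    return flags < 0 ? -1 : (flags & FD_CLOEXEC) != 0;
}

/* fork() and exec() a shell that tries to duplicate fd.
 * Returns 1 if the exec()'d program inherited fd, 0 if not, -1 on error. */
int fd_visible_after_exec(int fd)
{
    char cmd[64];
    int status;
    pid_t pid;

    snprintf(cmd, sizeof cmd, "exec 2>/dev/null; : <&%d", fd);
    pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execl("/bin/sh", "sh", "-c", cmd, (char *)NULL);
        _exit(127);                      /* exec itself failed */
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status) ||
        WEXITSTATUS(status) == 127)
        return -1;
    return WEXITSTATUS(status) == 0;     /* 0 means "<&fd" succeeded */
}

int main(void)
{
    int leaky = open(NS_PATH, O_RDONLY);              /* before the fix */
    int fixed = open(NS_PATH, O_RDONLY | O_CLOEXEC);  /* after the fix */

    printf("without O_CLOEXEC: inherited=%d\n", fd_visible_after_exec(leaky));
    printf("with O_CLOEXEC:    inherited=%d\n", fd_visible_after_exec(fixed));
    return 0;
}
```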
2016-07-17 | openvpn-example: Add capabilities info | Austin Adams
Version 2.3.11 of the Arch openvpn package changed openvpn@.service by limiting its capabilities to a set not including CAP_SYS_ADMIN, which setns() requires. So update the unit pasted into the guide and add the needed capability to the suggested drop-in unit.
2016-02-06 | add veth guide to openvpn-example.md | Austin Adams
I wanted to access a web application running in nsdo, but found that I couldn't without running my browser in the same network namespace. As a workaround, I set up veth and then added the steps I took to the OpenVPN guide.
For printing the current version, nsdo now accepts --version/-V. I've updated the manpage to reflect this.
2015-09-12 | add bash completion, tweak makefile | Austin Adams
2015-09-12 | improve handling of invalid namespace names | Austin Adams
1. don't accept empty namespace names. running setns(open("/run/netns")) as root is probably harmless, but I'd like to avoid it.
2. if a namespace can't be open()ed, give the filename nsdo tried to open. Then, maybe the user can try to find the file by hand.
2015-09-12 | vpn-ns doesn't create namespaces, so fix guide | Austin Adams
2015-09-12 | improve error messages and update vpn suggestions | Austin Adams
nsdo now returns better error messages. For instance, if a stat() fails, it gives the filename in the error message. I've also tweaked my vpn suggestions to re-use the same network namespaces across openvpn client restarts. Before, the network namespace was added and removed in the vpn-ns script, but because that ran for every start/stop of the openvpn client, sometimes the network namespace in which an application was running would get 'stale.' Specifically, if Firefox was running in my VPN's network namespace, but I suspended my laptop, the vpn-ns script would create a new network namespace when the computer came out of suspend and the openvpn client started up again. So, /run/netns/vpn (for example) would point to namespace 12345679, where openvpn was running, while firefox would be running in namespace 12345678. The fix -- to use a separate systemd service to create the namespaces -- just makes sense, and I should've done it this way in the first place.
2015-08-09 | add page on using nsdo with openvpn | Austin Adams
I've been wanting to write a blog post about my use of Linux network namespaces with openvpn for a while, but I still haven't bothered to create a blog in the first place (...yep), so I thought this repository might be a good place for a quick guide. I hope it helps someone someday.
