aboutsummaryrefslogtreecommitdiffgithub
path: root/README.md
blob: 40759201def8f25f3a2c50bf2568992fae63dc0d (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
nsdo
====

`nsdo` (network namespace do) is a simple C program that runs a command
inside a given [Linux network namespace][1].

Effectively, it simplifies:

    $ sudo ip netns exec myns sudo -u $USER myprogram

to

    $ nsdo myns myprogram

Thanks to magic of the [setuid bit][2], it initially has root
privileges, which allows it to change its own network namespace,
`setuid()` to the user who ran the command, and then `exec()` the
requested command.

installation
------------

If you're on Arch, you can build [my AUR package][4].

Otherwise:

    $ make
    # make install

To change the default installation directory of `/usr/local`, set
`PREFIX` to something else when you call `make install`.

openvpn example
---------------

I wrote this program because I run some applications under a VPN (e.g.,
clients for peer-to-peer protocols) and leave others untouched (like a
game client).

For more details, see [my blog post on the subject][5].

license
-------
[MIT/X11][3].

[1]: https://lwn.net/Articles/580893/
[2]: https://en.wikipedia.org/wiki/Setuid
[3]: https://github.com/ausbin/nsdo/blob/master/LICENSE
[4]: https://aur.archlinux.org/packages/nsdo-git/
[5]: https://austinjadams.com/blog/running-select-applications-through-openvpn/

manpage
-------

    nsdo(1)               General Commands Manual              nsdo(1)
    
    NAME
           nsdo - run a command in a network namespace
    
    SYNOPSIS
           nsdo namespace command [args ...]
    
           nsdo { --version | -V }
    
    DESCRIPTION
           Execute  command  as the current user/group in namespace, a
           Linux network namespace  set  up  with  iproute2  (see  ip-
           netns(8)).
    
           By   default,   iproute2   places   network  namespaces  in
           /var/run/netns/,  so  nsdo  searces  for  namespaces  there
           (including  namespace).   To  prevent  command  from easily
           escaping the namespace 'jail,' nsdo will exit if  the  cur‐
           rent namespace exists in that directory.  Consequently, you
           can not nest instances of nsdo.
    
    OPTIONS
           --version, -V
                  Instead of running a command, print  nsdo's  version
                  and exit.
    
    SEE ALSO
           ip(8), ip-netns(8), namespaces(7)
    
                                2016-01-23                     nsdo(1)