0

Everything I read uses the PID of the container that uses that network. Unfortunately the container dies because of a what I think is a network issue. I want to nsenter into the network namespace and run commands rather than run a different container on that network.

My /var/run/docker/netns/ folder is empty. But the network is a bridge network that shows up in docker network ls

user2615862
  • 149
  • 1
  • 10

1 Answers1

2

When a container is started, it gets it's own network namespace unless it is started with --net=none or --net=host. This namespace gets deleted once the container is stopped. So you won't be able to debug anything related to that container's network once it's not running.

You need to check the container logs as to why the container exited.

Anyways here are some relevant sample commands:

pid=`docker inspect -f '{{.State.Pid}}' $container_id`

mkdir -p /var/run/netns
rm -f /var/run/netns/$container_id
ln -sv /proc/$pid/ns/net /var/run/netns/$container_id
nsenter -m -t `pidof dockerd` nsenter --net=/var/run/docker/netns/4-4ef4272ac1 ip link
leodotcloud
  • 1,830
  • 14
  • 15
  • Thanks for your comment. I understand how to do it when the container is running. So maybe I'm misunderstanding. The namespace isn't created until a container is started? What then is actually done when I do a `docker network create foo`? I can only nsenter into the namespace that uses `foo` if a container is running? – user2615862 Jun 06 '18 at 14:16
  • 1
    docker network create is creating a bridge on the host (Check using `ip addr`. When a container is started, it's connected to the bridge using veth. – leodotcloud Jun 07 '18 at 20:15