NSEnter is a Python package that enables you to enter Linux kernel namespaces — mount, IPC, net, PID, user and UTS — with a single, simple "setns" syscall. The command line interface is similar to the nsenter C program.
When working with Docker containers, questions usually arise about how to connect into a running container without starting an explicit SSH daemon (which is considered a bad idea). One way is to use Linux Kernel namespaces, which Docker uses to restrict the view from within containers.
The util-linux
package provides the nsenter
command line utility, but Ubuntu 16.04 LTS unfortunately does not. Jérôme Petazzoni provides a Docker recipe for nsenter
on GitHub, or you can compile nsenter
from source. As there is only one simple syscall to enter a namespace, we can do the call directly from within Python using the ctypes
module. We bundled this syscall to create NSEnter.
- Python 2.6 or higher
From PyPI:
sudo pip3 install nsenter
From git source:
python3 setup.py install
Example of command line usage:
docker run -d --name=redis -t redis sudo nsenter --all --target=`docker inspect --format '{{ .State.Pid }}' redis` /bin/bash
Example of usage from Python:
import subprocess
from nsenter import Namespace
with Namespace(mypid, 'net'):
# output network interfaces as seen from within the mypid's net NS:
subprocess.check_output(['ip', 'a'])
# or enter an arbitrary namespace:
with Namespace('/var/run/netns/foo', 'net'):
# output network interfaces as seen from within the net NS "foo":
subprocess.check_output(['ip', 'a'])
This project works as-is. There are currently no plans to extend it, but if you have an idea please submit an Issue to the maintainers.
See file.