jamesmcm · June 23, 2025 21:15
diff --git a/docker_in_netns.txt b/docker_in_netns.txt
 # After creating the network namespace e.g. vo_none_none
 # See https://unix.stackexchange.com/questions/686155/how-can-i-use-a-bind-mount-in-a-network-namespace
 # The trick is to bind mount sys, as otherwise ip netns exec will create a mount namespace without it
 # Note that each invocation of ip netns exec has its own mount namespace!
 $ (on host) sudo -E unshare -m sh -c 'mount --bind /sys /sys; exec ip netns exec vo_none_none sudo --user archie --preserve-env bash'
 $ (in netns) sudo umount /sys
 $ (in netns) sudo dockerd --host=unix:///var/run/docker-netns.sock --data-root=/var/lib/docker-netns --default-runtime=runc
 $ (in netns) DOCKER_OPTS="--dns=YOURDNSHERE" DOCKER_HOST=unix:///var/run/docker-netns.sock sudo --user archie --preserve-env docker ... # your docker command here
	# After creating the network namespace e.g. vo_none_none
	# See https://unix.stackexchange.com/questions/686155/how-can-i-use-a-bind-mount-in-a-network-namespace
	# The trick is to bind mount sys, as otherwise ip netns exec will create a mount namespace without it
	# Note that each invocation of ip netns exec has its own mount namespace!
	$ (on host) sudo -E unshare -m sh -c 'mount --bind /sys /sys; exec ip netns exec vo_none_none sudo --user archie --preserve-env bash'
	$ (in netns) sudo umount /sys
	$ (in netns) sudo dockerd --host=unix:///var/run/docker-netns.sock --data-root=/var/lib/docker-netns --default-runtime=runc
	$ (in netns) DOCKER_OPTS="--dns=YOURDNSHERE" DOCKER_HOST=unix:///var/run/docker-netns.sock sudo --user archie --preserve-env docker ... # your docker command here