在内核 3.10 中使用以下命令创建网络命名空间时遇到了这个问题。
bash# ip netns add ns1
mount --bind /var/run/netns /var/run/netns failed: Invalid argument
debugshell# strace ip netns add ns1
execve("/sbin/ip", ["ip", "netns", "add", "ns1"], [/* 14 vars */]) = 0
brk(0) = 0x1aaa000
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f947281f000
access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 5
fstat(5, {st_mode=S_IFREG|0644, st_size=25839, ...}) = 0
mmap(NULL, 25839, PROT_READ, MAP_PRIVATE, 5, 0) = 0x7f9472818000
close(5) = 0
open("/lib64/libdl.so.2", O_RDONLY|O_CLOEXEC) = 5
read(5, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\200\16\0\0\0\0\0\0"..., 832) = 832
fstat(5, {st_mode=S_IFREG|0755, st_size=14640, ...}) = 0
mmap(NULL, 2109720, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 5, 0) = 0x7f94723fb000
mprotect(0x7f94723fe000, 2093056, PROT_NONE) = 0
mmap(0x7f94725fd000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 5, 0x2000) = 0x7f94725fd000
close(5) = 0
open("/lib64/libc.so.6", O_RDONLY|O_CLOEXEC) = 5
read(5, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0p\31\2\0\0\0\0\0"..., 832) = 832
fstat(5, {st_mode=S_IFREG|0755, st_size=1716712, ...}) = 0
mmap(NULL, 3828864, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 5, 0) = 0x7f9472054000
mprotect(0x7f94721f1000, 2097152, PROT_NONE) = 0
mmap(0x7f94723f1000, 24576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 5, 0x19d000) = 0x7f94723f1000
mmap(0x7f94723f7000, 15488, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f94723f7000
close(5) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9472817000
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9472816000
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9472815000
arch_prctl(ARCH_SET_FS, 0x7f9472816700) = 0
mprotect(0x7f94723f1000, 16384, PROT_READ) = 0
mprotect(0x7f94725fd000, 4096, PROT_READ) = 0
mprotect(0x7f9472820000, 4096, PROT_READ) = 0
munmap(0x7f9472818000, 25839) = 0
socket(PF_NETLINK, SOCK_RAW, 0) = 5
setsockopt(5, SOL_SOCKET, SO_SNDBUF, [32768], 4) = 0
setsockopt(5, SOL_SOCKET, SO_RCVBUF, [1048576], 4) = 0
bind(5, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 0
getsockname(5, {sa_family=AF_NETLINK, pid=29653, groups=00000000}, [12]) = 0
mkdir("/var/run/netns", 0755) = -1 EEXIST (File exists)
mount("", "/var/run/netns", "none", MS_REC|MS_SHARED, NULL) = -1 EINVAL (Invalid argument)
mount("/var/run/netns", "/var/run/netns", 0x434746, MS_BIND, NULL) = -1 EINVAL (Invalid argument)
write(2, "mount --bind /var/run/netns /var"..., 68mount --bind /var/run/netns /var/run/netns failed: Invalid argument
) = 68
exit_group(-1) = ?
+++ exited with 255 +++
答案1
根据安装(2) 手册,在这种情况下可以返回 EINVAL:
In an unprivileged mount namespace (i.e., a mount namespace
owned by a user namespace that was created by an unprivileged
user), a bind mount operation (MS_BIND) was attempted without
specifying (MS_REC), which would have revealed the filesystem
tree underneath one of the submounts of the directory being
bound.
最新版本的 iproute2 使用 MS_BIND 和 MS_REC 标志进行此挂载,从4.13版本开始。
尝试在运行之前手动进行安装ip netns add:
mkdir -p /var/run/netns
mount --rbind /var/run/netns /var/run/netns
mount --make-shared /var/run/netns