docker networking namespace not visible in ip netns list

Question

When I create a new docker container like with

docker run -it -m 560m --cpuset-cpus=1,2 ubuntu sleep 120

and check its namespaces, I can s

Answer 1

As @jary indicates, the ip netns command only works with namespace symlinks in /var/run/netns. However, if you you have the nsenter command available (part of the util-linux package), you can accomplish the same thing using the PID of your docker container.

To get the PID of a docker container, you can run:

docker inspect --format '{{.State.Pid}}' 

To get a command inside the network namespace of a container:

nsenter -t  -n 

E.g:

$ docker inspect --format '{{.State.Pid}}' weechat
4432
$ sudo nsenter -t 4432 -n ip addr show
1: lo:  mtu 65536 qdisc noqueue state UNKNOWN group default 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
75: eth0@if76:  mtu 1500 qdisc noqueue state UP group default 
    link/ether 02:42:ac:11:00:1b brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.27/16 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::42:acff:fe11:1b/64 scope link 
       valid_lft forever preferred_lft forever

The above was equivalent to running ip netns exec ip addr show.

As you can see here, you will need to run nsenter with root privileges.