5

Is there a way to inspect the files and directories of another mount namespace?

setns(2) syscall appears to be able to move a thread to another namespace, but if this functionality is not already built in to a program (a shell, fileserver, ..), it appears that executing a new process is required. And since the target mount namespace may not contain the required binary, this is a problem.

Edit:
What I am looking for is a "user-friendly" way to access the files in the namespace. I can imagine there being, for example, a way to mount the namespace somewhere on the host system. But since I don't know what's possible, I'm asking.

Gima
  • 153
  • 6

1 Answers1

7

You'll need to define "user friendly" if you want a guaranteed satisfactory answer, but depending on your needs, /proc/<PID>/root to get the entire filesystem hierarchy as seen by a specific process, and /proc/<PID>/mounts (and /proc/<PID>/mountinfo) for what's mounted where, might get you where you need to go. If you only have a file descriptor for a namespace, you're in a far less pleasant position, because I'm not aware of any way you can go from file descriptor to a PID that's already in the namespace, but if that's where you're coming from, you left the "user friendly" reservation a long time ago, and contortions are to be expected.

womble
  • 95,029
  • 29
  • 173
  • 228
  • 1
    That `/proc//root/` was the exact thing I was looking for, thank you! ❤️ – Gima Oct 18 '17 at 22:31
  • The `/proc//root/` is what I needed as well. I also want to mention that I initially thought it would not work, since it appears to just be a broken symlink. But if you actually try to access it, it works! – likebike Sep 02 '22 at 17:47