Hi all,
Currently, I want to be able to create a net namespace in a container. I've tried with:
[root@cauberong ~]# docker run -ti --name testns --privileged=True --cap-add ALL -v /var/run:/var/run ubuntu
and I can create and exec a net namespace.
root@9357a21d6604:/# ip netns ls
root@9357a21d6604:/# ip netns add blue
root@9357a21d6604:/# ll /var/run/netns/blue
-r--r--r-- 1 root root 0 Oct 29 04:05 /var/run/netns/blue
root@9357a21d6604:/# ip netns exec blue ip a
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN group default
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
But when I restarted the container, these previous net namespaces can no longer be exec'd, and they have lost read permission.
[root@cauberong ~]# docker restart testns
[root@cauberong ~]# docker exec -ti testns bash
root@9357a21d6604:/# ll /var/run/netns/
total 0
drwxr-xr-x 2 root root 60 Oct 29 04:05 ./
drwxr-xr-x 46 root root 1320 Oct 29 02:36 ../
---------- 1 root root 0 Oct 29 04:05 blue
root@9357a21d6604:/# ip netns exec blue ip a
seting the network namespace "blue" failed: Invalid argument
Any idea how to fix it?
Thanks all.
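
An added diagnostic example, not part of the original post: `ip netns add` creates an empty mode-0 placeholder file under /var/run/netns and bind-mounts the new namespace onto it, so an entry that is no longer a mount point in /proc/self/mountinfo (like `blue` after the restart above) is only a leftover name, not a usable namespace. The function name `stale_netns` and the sample mountinfo line are constructed for illustration.

```sh
#!/bin/sh
# List entries in a netns directory that are NOT live namespace bind mounts.
# Usage: stale_netns DIR [MOUNTINFO]   (MOUNTINFO defaults to /proc/self/mountinfo)
stale_netns() {
    # Resolve symlinks (/var/run is usually a symlink to /run), because
    # mountinfo records the resolved mount point path.
    dir=$(cd "$1" && pwd -P) || return 1
    mountinfo=${2:-/proc/self/mountinfo}
    for f in "$dir"/*; do
        [ -e "$f" ] || continue
        # Field 5 of each mountinfo line is the mount point. A live netns
        # name appears there; a stale placeholder file does not.
        awk -v p="$f" '$5 == p { hit = 1 } END { exit !hit }' "$mountinfo" \
            || printf '%s\n' "${f##*/}"
    done
}

# Constructed demo: two placeholder files, only "red" has a mount entry,
# so "blue" is reported as stale (the state seen after `docker restart`).
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir "$tmp/netns"
    : > "$tmp/netns/blue"
    : > "$tmp/netns/red"
    real=$(cd "$tmp/netns" && pwd -P)
    # Constructed mountinfo line in the kernel's format.
    printf '233 98 0:4 net:[4026532621] %s/red rw shared:120 - nsfs nsfs rw\n' \
        "$real" > "$tmp/mountinfo"
    stale_netns "$tmp/netns" "$tmp/mountinfo"
    rm -rf "$tmp"
}

demo
```

Inside the container, `stale_netns /var/run/netns` checks the real directory against the container's own mount table.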