How to check if a kernel namespace is active in Linux

Introduction

In this lab, you will learn how to check if kernel namespaces are active in Linux. We will explore different methods to identify and verify the presence of namespaces, which are crucial for process isolation and containerization.

You will begin by using the lsns command to list the various namespaces on your system, understanding their types and associated processes. Next, you will examine the namespace links within the /proc/self/ns directory to see how processes are linked to specific namespaces. Finally, you will specifically verify network namespaces using the ip netns command, a common tool for managing network isolation.

Skills Graph

%%%%{init: {'theme':'neutral'}}%%%% flowchart RL linux(("Linux")) -.-> linux/BasicSystemCommandsGroup(["Basic System Commands"]) linux(("Linux")) -.-> linux/BasicFileOperationsGroup(["Basic File Operations"]) linux(("Linux")) -.-> linux/SystemInformationandMonitoringGroup(["System Information and Monitoring"]) linux(("Linux")) -.-> linux/RemoteAccessandNetworkingGroup(["Remote Access and Networking"]) linux(("Linux")) -.-> linux/PackagesandSoftwaresGroup(["Packages and Softwares"]) linux/BasicSystemCommandsGroup -.-> linux/read("Input Reading") linux/BasicFileOperationsGroup -.-> linux/ls("Content Listing") linux/SystemInformationandMonitoringGroup -.-> linux/ps("Process Displaying") linux/RemoteAccessandNetworkingGroup -.-> linux/ip("IP Managing") linux/PackagesandSoftwaresGroup -.-> linux/apt("Package Handling") subgraph Lab Skills linux/read -.-> lab-558722{{"How to check if a kernel namespace is active in Linux"}} linux/ls -.-> lab-558722{{"How to check if a kernel namespace is active in Linux"}} linux/ps -.-> lab-558722{{"How to check if a kernel namespace is active in Linux"}} linux/ip -.-> lab-558722{{"How to check if a kernel namespace is active in Linux"}} linux/apt -.-> lab-558722{{"How to check if a kernel namespace is active in Linux"}} end

List namespaces with lsns

In this step, you will learn how to list the namespaces present on your system using the lsns command. Namespaces are a fundamental concept in Linux that provide isolation for various system resources, such as processes, network interfaces, mount points, and more. This isolation is key to technologies like containers.

The lsns command is part of the util-linux package and is used to list information about the namespaces on your system.

First, let's ensure the util-linux package is installed. While it's usually present, it's good practice to check. We can use apt for this.

Open your terminal if it's not already open. You can find the Xfce Terminal icon on the left side of your desktop.

Now, type the following command to update your package list:

sudo apt update

Press Enter. You might see output similar to this:

Hit:1 http://archive.ubuntu.com/ubuntu jammy InRelease
Get:2 http://archive.ubuntu.com/ubuntu jammy-updates InRelease [119 kB]
...
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
...

Next, let's install util-linux. Type the following command and press Enter:

sudo apt install util-linux

You might see output indicating that the package is already installed, which is fine. If it installs, you'll see progress bars and confirmation.

Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
util-linux is already the newest version (x.xx.x-xu).
0 upgraded, 0 newly installed, 0 to remove and xx not upgraded.

Now that we're sure lsns is available, let's use it to list the namespaces. Type the following command and press Enter:

lsns

You will see output similar to this, showing different types of namespaces and the processes associated with them:

        NS TYPE   NPROCS   PID PPID       CMD
4026531835 cgroup      1     1    0     /sbin/init
4026531836 pid         1     1    0     /sbin/init
4026531837 user        1     1    0     /sbin/init
4026531838 uts         1     1    0     /sbin/init
4026531839 ipc         1     1    0     /sbin/init
4026531840 mnt         1     1    0     /sbin/init
4026531841 net         1     1    0     /sbin/init
4026532720 cgroup     10   700  699 /usr/lib/xfce4/xfconf/xfconfd
4026532721 pid        10   700  699 /usr/lib/xfce4/xfconf/xfconfd
4026532722 user       10   700  699 /usr/lib/xfce4/xfconf/xfconfd
4026532723 uts        10   700  699 /usr/lib/xfce4/xfconf/xfconfd
4026532724 ipc        10   700  699 /usr/lib/xfce4/xfconf/xfconfd
4026532725 mnt        10   700  699 /usr/lib/xfce4/xfconf/xfconfd
4026532726 net        10   700  699 /usr/lib/xfce4/xfconf/xfconfd
...

The output shows columns like NS (Namespace ID), TYPE (Type of namespace, e.g., cgroup, pid, user, uts, ipc, mnt, net), NPROCS (Number of processes in the namespace), PID (Process ID), PPID (Parent Process ID), and CMD (Command).

This command gives you a high-level overview of the namespaces active on your system and the processes running within them.

Click Continue to proceed to the next step.

Check namespace links in /proc/self/ns

In the previous step, you used lsns to see a list of namespaces on the system. Now, let's explore how a running process relates to these namespaces.

Every process in Linux has a special directory under /proc/<pid>/ns/ that contains symbolic links to the namespaces it belongs to. The /proc/self/ directory is a symbolic link to the /proc/<pid>/ directory of the currently running process (in this case, your terminal session).

Let's list the contents of the /proc/self/ns/ directory to see the namespace links for your current terminal process.

Type the following command in your terminal and press Enter:

ls -l /proc/self/ns/

You will see output similar to this:

total 0
lrwxrwxrwx 1 labex labex 0 Jul 24 09:00 cgroup -> "cgroup:[4026532720]"
lrwxrwxrwx 1 labex labex 0 Jul 24 09:00 ipc -> "ipc:[4026532724]"
lrwxrwxrwx 1 labex labex 0 Jul 24 09:00 mnt -> "mnt:[4026532725]"
lrwxrwxrwx 1 labex labex 0 Jul 24 09:00 net -> "net:[4026532726]"
lrwxrwxrwx 1 labex labex 0 Jul 24 09:00 pid -> "pid:[4026532721]"
lrwxrwxrwx 1 labex labex 0 Jul 24 09:00 user -> "user:[4026532722]"
lrwxrwxrwx 1 labex labex 0 Jul 24 09:00 uts -> "uts:[4026532723]"

Each line represents a different type of namespace (cgroup, ipc, mnt, net, pid, user, uts) and is a symbolic link (->) pointing to the actual namespace file in the kernel's internal representation. The number in the square brackets (e.g., [4026532720]) is the unique ID of that specific namespace, which you saw in the output of the lsns command in the previous step.

This shows you that your current terminal process is part of several different namespaces, providing it with its own isolated view of certain system resources.

Understanding /proc/<pid>/ns/ is crucial for debugging and inspecting the namespace configuration of running processes, especially in containerized environments.

Click Continue to move on.

Verify network namespaces with ip netns

In the previous steps, you learned about namespaces in general and how to see the namespace links for a process. Now, let's focus specifically on network namespaces and how to manage them using the ip command.

Network namespaces provide a separate network stack for processes, including network interfaces, IP addresses, routing tables, and firewall rules. This is fundamental for isolating network traffic, as used in containers and virtual networking.

The ip command is a powerful utility for network configuration in Linux. The ip netns subcommand is used specifically for managing network namespaces.

To list the currently configured network namespaces, use the list option with ip netns.

Type the following command in your terminal and press Enter:

ip netns list

In a typical LabEx environment, which is often a container, you might not see any explicitly created network namespaces listed by this command initially. The output might be empty:

This is because the primary network namespace your terminal is running in is the default one, and ip netns list typically shows namespaces that have been explicitly created and registered.

However, you can still see the network namespace your current process belongs to by examining the /proc/self/ns/net symbolic link, as you did in the previous step. The ip netns command is more for managing named network namespaces that you might create for specific isolation purposes.

While we won't create new network namespaces in this introductory lab, understanding that ip netns list is the command to see them is important for future learning about network isolation.

You have now explored namespaces using lsns, examined process-specific namespace links in /proc, and learned the command to list network namespaces.

Click Continue to complete the lab.

Summary

In this lab, we learned how to check for active kernel namespaces in Linux. We began by using the lsns command to list the various namespaces present on the system, understanding that namespaces provide isolation for system resources and are fundamental to container technologies. We ensured the util-linux package, which contains lsns, was installed using apt.

After listing namespaces with lsns, the subsequent steps, which were not fully detailed in the provided content, would involve checking namespace links within the /proc/self/ns directory and verifying network namespaces specifically using the ip netns command. These methods offer alternative ways to inspect and confirm the presence and state of different types of kernel namespaces.