From: Alan Brady <abrady@nvidia.com>
Date: Wed, 6 Aug 2025 17:38:59 +0000 (+0300)
Subject: nspawn: add NamespacePath support for nspawn files
X-Git-Tag: v259-rc1~575
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=113ef2326433c52d9be4d4a95ad7a3e859160f53;p=thirdparty%2Fsystemd.git

nspawn: add NamespacePath support for nspawn files

Commit d7bea6b6 ("nspawn: introduce an option for specifying network
namespace path") already did most of the work here enabling a command
line option for specifying the namespace path for a given container.
Someone even took care of the merging code in merge_settings as though
this already worked. All that's then needed is to add a line to the
nspawn-gperf.gperf file to actually enable being able to specify
NamespacePath from nspawn files as well.

This greatly simplifies how we configure nspawn containers by being able
to give all the options we need in .nspawn files instead of needing to
also use command line parameters.

Closes: #27188
---

diff --git a/man/systemd.nspawn.xml b/man/systemd.nspawn.xml
index 1db41a1b72c..6492a8911aa 100644
--- a/man/systemd.nspawn.xml
+++ b/man/systemd.nspawn.xml
@@ -585,6 +585,26 @@
         <xi:include href="version-info.xml" xpointer="v226"/></listitem>
       </varlistentry>
 
+      <varlistentry>
+        <term><varname>NamespacePath=</varname></term>
+
+        <listitem><para>Takes the path to a file representing a kernel
+        network namespace that the container shall run in. The specified path
+        should refer to a (possibly bind-mounted) network namespace file, as
+        exposed by the kernel below <filename>/proc/$PID/ns/net</filename>.
+        This makes the container enter the given network namespace. One of the
+        typical use cases is to give a network namespace under
+        <filename>/run/netns</filename> created by <citerefentry
+        project='man-pages'><refentrytitle>ip-netns</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
+        for example, <varname>NamespacePath=/run/netns/foo</varname>.
+        Note that this option cannot be used together with other
+        network-related options, such as <varname>Private=</varname>
+        or <varname>Interface=</varname>. This option corresponds to the
+        <option>--network-namespace-path</option> command line switch.</para>
+
+        <xi:include href="version-info.xml" xpointer="v259"/></listitem>
+      </varlistentry>
+
       <varlistentry>
         <term><varname>VirtualEthernet=</varname></term>
 
diff --git a/src/nspawn/nspawn-gperf.gperf b/src/nspawn/nspawn-gperf.gperf
index 7a8a8d8b3d0..9c886f71212 100644
--- a/src/nspawn/nspawn-gperf.gperf
+++ b/src/nspawn/nspawn-gperf.gperf
@@ -73,6 +73,7 @@ Files.PrivateUsersOwnership,  config_parse_userns_ownership, 0,
 Files.BindUser,               config_parse_bind_user,      0,                        offsetof(Settings, bind_user)
 Files.BindUserShell,          config_parse_bind_user_shell, 0,                       0
 Network.Private,              config_parse_tristate,       0,                        offsetof(Settings, private_network)
+Network.NamespacePath,        config_parse_path,           0,                        offsetof(Settings, network_namespace_path)
 Network.Interface,            config_parse_network_iface_pair, 0,                    offsetof(Settings, network_interfaces)
 Network.MACVLAN,              config_parse_macvlan_iface_pair, 0,                    offsetof(Settings, network_macvlan)
 Network.IPVLAN,               config_parse_ipvlan_iface_pair, 0,                     offsetof(Settings, network_ipvlan)