NetworkManager/contrib/scripts/nm-in-container.d/data-_nm-in-container-setup.sh

#!/bin/bash -e

if [ ! -d /tmp/sys2 ]; then
    # `ip -netns t exec ...` will try to mount sysfs. But kernel rejects that in
    # the container, unless a writable sysfs is already mounted. Due to --priviledged,
    # we have /sys mounted rw, however, ip will first unmount /sys before trying to
    # remount it. We thus need it mounted as rw one additional time.
    #
    # Let's do this setup step once, and never clean it up.
    # https://github.com/containers/podman/issues/11887#issuecomment-938706628
    mkdir /tmp/sys2
    mount -t sysfs --make-private /tmp/sys2
fi
contrib: setup "nm-in-container.sh" on start via rc.local script We need to mount sysfs, so that `ip netns exec` works. Do that automatically when starting the system container, via rc.local. While at it, use `podman build --squash-all` to speedup the building of the container image. 2022-09-09 16:07:01 +02:00			`#!/bin/bash -e`

			`if [ ! -d /tmp/sys2 ]; then`
			# `ip -netns t exec ...` will try to mount sysfs. But kernel rejects that in
			`# the container, unless a writable sysfs is already mounted. Due to --priviledged,`
			`# we have /sys mounted rw, however, ip will first unmount /sys before trying to`
			`# remount it. We thus need it mounted as rw one additional time.`
			`#`
			`# Let's do this setup step once, and never clean it up.`
			`# https://github.com/containers/podman/issues/11887#issuecomment-938706628`
			`mkdir /tmp/sys2`
			`mount -t sysfs --make-private /tmp/sys2`
			`fi`