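#!/bin/bash
#
# Enter a rootless network namespace named ENVNAME, creating it on first use.
#
# A long-lived "holder" process owns a user+mount+net namespace whose /run is
# a bind mount of ./.fleck-ns. Each environment is an `ip netns` inside it,
# attached by a veth pair to the bridge fleck-br and given an address in
# 10.0.0.0/16 derived from the MD5 of its name.
#
# Usage: <script> ENVNAME [LAST_OCTET]
#
# NOTE(review): the listing this was recovered from was collapsed onto one line
# and had lost its here-document opener. As shown, the setup commands ran in
# the caller's namespaces and `ROOT_NS` was executed as a command. The
# here-document and the bridge-existence test below are a reconstruction, so
# confirm them against the original file.
#
# NOTE(review): .fleck-lock and .fleck-ns are resolved against the current
# directory, and the PID read from .fleck-lock is passed to nsenter. Run this
# only from a directory that other users cannot write to.

set -u

die() {
  printf '%s\n' "$*" >&2
  exit 1
}

ENVNAME=${1:-}
# Accepted for compatibility; nothing below reads it.
# shellcheck disable=SC2034
LAST_OCTET=${2:-}

# ENVNAME becomes a netns name, part of two interface names and an argument
# to several commands. Restrict it so it is never parsed as an option, a path
# or shell syntax.
[[ $ENVNAME =~ ^[A-Za-z0-9][A-Za-z0-9_.-]*$ ]] \
  || die "usage: ${0##*/} ENVNAME [LAST_OCTET]  (ENVNAME: letters, digits, '_', '.', '-')"
# Interface names are limited to 15 characters and "-inner" uses six of them.
# Failing here avoids leaving a half-configured namespace behind.
(( ${#ENVNAME} <= 9 )) \
  || die "ENVNAME must be at most 9 characters (interface name limit)"

# The address is derived from the first six hex digits of md5("ENVNAME\n").
# The trailing newline matches what `echo` fed to md5sum before.
HASH=$(printf '%s\n' "$ENVNAME" | md5sum) || die "md5sum failed"
HASH=${HASH:0:6}
IP_OCTET_3=$(( 16#${HASH:0:2} ))
# NOTE(review): the previous `echo $HASH | tail -c 2` returned the final hex
# digit plus the newline, so only one digit (0-15) ever reached this octet.
# That is kept so existing names map to the same address, but it leaves 4096
# possible addresses and makes collisions between names more likely. Using
# ${HASH:4:2} would give the full range.
IP_OCTET_4=$(( 16#${HASH:5:1} ))
IP_ADDR=10.0.$IP_OCTET_3.$IP_OCTET_4

# Create the root namespace holder. flock -n fails immediately if a holder
# already has the lock, and the existing PID in .fleck-lock is then reused.
# The string is single-quoted on purpose: $$ is expanded by the shell that
# flock starts, and every later step is an exec, so it is the holder's PID.
touch .fleck-lock || die "cannot create .fleck-lock"
mkdir -p .fleck-ns || die "cannot create .fleck-ns"
flock -Fn .fleck-lock -c 'exec unshare -mrnU sh -c "echo $$ > .fleck-lock; rm -f .fleck-ns/netns/*; mount --bind .fleck-ns /run; exec sleep infinity"' &

# Wait for a live holder PID rather than trusting a fixed delay. The file can
# still be empty or hold the PID of a holder that has since exited.
# NOTE(review): a recycled PID owned by the same user would still pass kill -0.
ROOT_PID=
for _ in 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20; do
  sleep .1
  ROOT_PID=$(cat .fleck-lock 2>/dev/null) || ROOT_PID=
  if [[ $ROOT_PID =~ ^[0-9]+$ ]] && kill -0 "$ROOT_PID" 2>/dev/null; then
    break
  fi
  ROOT_PID=
done
[[ -n $ROOT_PID ]] || die "namespace holder did not start (no live PID in .fleck-lock)"

# Run the setup inside the holder's namespaces. The here-document is quoted
# and the values travel in the environment, so nothing from the command line
# is spliced into the script text.
ENVNAME=$ENVNAME IP_ADDR=$IP_ADDR \
  nsenter --preserve-credentials -U -m -n -t "$ROOT_PID" bash -x <<'ROOT_NS'
ip link show fleck-br > /dev/null || (
  ip link set lo up
  ip link add name fleck-br type bridge
  ip link set dev fleck-br up
)

# Set up the namespace unless it already exists (exact, literal name match).
ip netns list | awk '{print $1}' | grep -Fxq -- "$ENVNAME" || (
  ip netns add "$ENVNAME" > /dev/null
  ip link add "$ENVNAME-root" type veth peer name "$ENVNAME-inner" netns "$ENVNAME"
  ip link set "$ENVNAME-root" up
  ip link set "$ENVNAME-root" master fleck-br
  ip netns exec "$ENVNAME" ip link set up lo
  ip netns exec "$ENVNAME" ip link set up "$ENVNAME-inner"
  ip netns exec "$ENVNAME" ip addr add "$IP_ADDR/16" dev "$ENVNAME-inner"
  ip netns exec "$ENVNAME" ip route add 224.0.0.0/4 dev "$ENVNAME-inner"
)
ROOT_NS

# Give a shell. The name and the shell path are passed as positional
# arguments instead of being interpolated into the -c string.
exec nsenter -w --preserve-credentials -U -m -n -t "$ROOT_PID" \
  bash -i -c 'DEBIAN_CHROOT="$1" ip netns exec "$1" unshare --map-user=1024 "$2"' \
  bash "$ENVNAME" "${SHELL:-/bin/sh}"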