Using nsenter to access docker network that has no running containers attached

Everything I read uses the PID of the container that uses that network. Unfortunately the container dies because of what I think is a network issue. I want to nsenter into the network namespace and run commands rather than run a different container on that network.

My /var/run/docker/netns/ folder is empty. But the network is a bridge network that shows up in docker network ls.

There is 1 best solution below


When a container is started, it gets its own network namespace unless it is started with --net=none or --net=host. This namespace gets deleted once the container is stopped. So you won't be able to debug anything related to that container's network once it's not running.

You need to check the container logs as to why the container exited.

Anyways here are some relevant sample commands:

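pid=$(docker inspect -f '{{.State.Pid}}' "$container_id")  # PID of the running container's main process

mkdir -p /var/run/netns
rm -f "/var/run/netns/$container_id"
ln -sv "/proc/$pid/ns/net" "/var/run/netns/$container_id"  # makes the namespace visible to `ip netns`
nsenter -m -t "$(pidof dockerd)" nsenter --net=/var/run/docker/netns/4-4ef4272ac1 ip link  # enter dockerd's mount namespace first, then the network namespace file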
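
An added example, not part of the original answer: the symlink recipe above wrapped in a guard for the stopped-container case, where `docker inspect` reports `.State.Pid` as 0 and the link would dangle. The function names and the `PROC_ROOT` / `NETNS_DIR` variables are assumptions made for this sketch.

```shell
#!/usr/bin/env bash
# Added example: guard the symlink recipe against containers that are not running.
# PROC_ROOT and NETNS_DIR (assumed names) are overridable so the logic can be
# exercised without Docker.
PROC_ROOT="${PROC_ROOT:-/proc}"
NETNS_DIR="${NETNS_DIR:-/var/run/netns}"

# Print the netns path for a PID; fail if the process (and so the namespace) is gone.
netns_path_for_pid() {
    local pid="$1"
    case "$pid" in
        ''|*[!0-9]*) echo "not a PID: '$pid'" >&2; return 2 ;;
    esac
    # docker inspect reports .State.Pid as 0 for a container that is not running
    if [ "$pid" -eq 0 ]; then
        echo "container is not running; its network namespace no longer exists" >&2
        return 1
    fi
    if [ ! -e "$PROC_ROOT/$pid/ns/net" ]; then
        echo "no namespace file at $PROC_ROOT/$pid/ns/net (process exited?)" >&2
        return 1
    fi
    printf '%s\n' "$PROC_ROOT/$pid/ns/net"
}

# Link a container's namespace under NETNS_DIR so `ip netns exec <name>` works.
link_container_netns() {
    local name="$1" pid="$2" target
    target="$(netns_path_for_pid "$pid")" || return $?
    mkdir -p "$NETNS_DIR" && ln -sfn "$target" "$NETNS_DIR/$name"
}

# Usage on a Docker host (run as root):
#   pid=$(docker inspect -f '{{.State.Pid}}' "$container_id")
#   link_container_netns "$container_id" "$pid" && ip netns exec "$container_id" ip addr
```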