# netns@.service

[Unit]
Description=Named network namespace %I
Documentation=https://github.com/systemd/systemd/issues/2741#issuecomment-336736214
StopWhenUnneeded=true

[Service]
Type=oneshot
RemainAfterExit=yes

# Ask systemd to create a network namespace
PrivateNetwork=yes

# Ask ip netns to create a named network namespace
# (This ensures that things like /var/run/netns are properly setup)
# (Why flock? See https://bugs.debian.org/949235)
ExecStart=/usr/bin/flock --no-fork -- /var/run/netns.lock /bin/ip netns add %I

# Drop the network namespace that ip netns just created
ExecStart=/bin/umount /var/run/netns/%I

# Re-use the same name for the network namespace that systemd put us in
ExecStart=/bin/mount --bind /proc/self/ns/net /var/run/netns/%I

# Clean up the name when we are done with the network namespace
ExecStop=/bin/ip netns delete %I