Netns service

etc/systemd/system/netns@.service

@@ -0,0 +1,27 @@
+# netns@.service
+
+[Unit]
+Description=Named network namespace %I
+Documentation=https://github.com/systemd/systemd/issues/2741#issuecomment-336736214
+StopWhenUnneeded=true
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+
+# Ask systemd to create a network namespace
+PrivateNetwork=yes
+
+# Ask ip netns to create a named network namespace
+# (This ensures that things like /var/run/netns are properly setup)
+# (Why flock? See https://bugs.debian.org/949235)
+ExecStart=/usr/bin/flock --no-fork -- /var/run/netns.lock /bin/ip netns add %I
+
+# Drop the network namespace that ip netns just created
+ExecStart=/bin/umount /var/run/netns/%I
+
+# Re-use the same name for the network namespace that systemd put us in
+ExecStart=/bin/mount --bind /proc/self/ns/net /var/run/netns/%I
+
+# Clean up the name when we are done with the network namespace
+ExecStop=/bin/ip netns delete %I