Run container inside rootless netns

[M1cha]

Feature request description

It would be great if you could run a container inside the network namespace that you can also enter via podman unshare --rootless-netns. This would make it easier to run things like Zephyrs native_tap inside a container. This driver connects to a tap interface which was manually added to the docker bridge.

Suggest potential solution

Something like podman run --network rootless-netns ....

Have you considered any alternatives?

podman run --network=ns:/run/user/1000/containers/networks/rootless-netns/rootless-netns ... already works, but requires figuring out the path to the netns yourself.

Additional context

No response

[Luap99]

Mhh, I am not sure how I feel about exposing this. On the one hand I definitely see the use case and that this is better than --network=ns:/run/user/1000/containers/networks/rootless-netns/rootless-netns mainly because the netns will only be created on demand (i.e. the first container start on a custom network) and then deleted again when the last container exits so if we would expose this directly we could make sure this container would be accounted for in that logic and the netns will be created if not already.

That said I consider the content of the rootless-netns a implementation detail and not a stable interface, if we need to change how the rootless-netns works to enable new features or fix other issues then I will do so as long as it doesn't cause breaking changes for the actual custom networks users.

--network rootless-netns

Well this the annoying part with the network option. It accepts both custom network names and what we call network modes (host, ns:... container:..., pasta,etc...) adding a rootless-netns while possible breaks backwards compatibility if a user would have a network named like that.