lsns

List all namespaces

$ lsns

$ lsns [[-J|--json]]

$ lsns [[-p|--task]] [pid]

$ lsns [[-t|--type]] [mnt|net|ipc|user|pid|uts|cgroup|time]

$ lsns [[-o|--output]] [NS,TYPE,PID,COMMAND]

lsns [options]

--all, -a
    Displays all accessible namespaces, including non-persistent ones like PID namespaces that might not have a running process within them directly.

--canonical, -c
    Uses a canonical format for output, which can make it easier to parse programmatically.

--json, -J
    Outputs the information in JSON format, suitable for machine parsing.

--list, -l
    Presents the output in a list-like format, enhancing readability.

--noheadings, -n
    Suppresses the printing of header lines in the output.

--output <list>, -o <list>
    Specifies which columns to display. list is a comma-separated string of column names (e.g., PID,NS,TYPE,NSPID,COMMAND). Use lsns --help for available columns.

--pids <list>, -p <list>
    Filters the output to show namespaces associated with the specified process IDs. list is a comma-separated string of PIDs.

--raw, -r
    Produces raw output without any column alignment, useful for scripting.

--types <list>, -t <list>
    Filters the output to show only namespaces of specified types. list is a comma-separated string of types (e.g., mnt,net,pid).

--verbose, -v
    Increases the verbosity of the output, providing more detailed information.

--help, -h
    Displays a help message and exits.

--version
    Outputs version information and exits.

lsns is a command-line utility from the util-linux package used to list and inspect Linux namespaces. Namespaces are a fundamental feature of the Linux kernel that partition kernel resources, enabling isolated environments like containers. lsns provides a comprehensive overview of active namespaces, including their type (mount, UTS, IPC, network, PID, cgroup, user), unique inode number, and associated process IDs (PIDs). It can display the hierarchy of PID namespaces, showing parent-child relationships, and reveal which processes are currently running within each namespace. This tool is invaluable for system administrators and developers working with containers (e.g., Docker, LXC) or understanding process isolation, allowing them to examine the namespace topology, debug isolation issues, and gain insights into the resource partitioning on a Linux system. It typically reads information from the /proc filesystem.

Viewing all namespaces, especially user and PID namespaces, often requires root privileges. Without elevated permissions, lsns might only show namespaces owned by the current user or those globally accessible.
The output can be extensive on systems with many containers or processes, making filtering with options like -t and -p essential for specific queries.

Linux namespaces isolate various system resources. lsns can identify the following types:
mnt: Mount namespace, isolates mount points.
uts: UTS namespace, isolates hostname and NIS domain name.
ipc: IPC namespace, isolates System V IPC and POSIX message queues.
net: Network namespace, isolates network devices, IP addresses, routing tables, etc.
pid: PID namespace, isolates process IDs, providing a separate PID numbering sequence.
cgroup: Cgroup namespace, isolates cgroup root directory and hierarchy view.
user: User namespace, isolates user and group IDs, allowing unprivileged users to have root privileges within the namespace.

To list only network and PID namespaces in a human-readable format:
lsns -t net,pid -l
To see all available columns and their descriptions:
lsns --help

The lsns command is part of the util-linux project, a collection of essential Linux utilities. Its development is closely tied to the evolution and increasing adoption of Linux kernel namespaces, which began appearing in the kernel around version 2.6.24 (for types like mount, UTS, IPC, PID, network) and later with user namespaces (kernel 3.8). lsns provides a user-friendly interface to query the namespace information exposed via the /proc filesystem, making it a critical tool for managing and understanding containerized environments.

unshare(1), nsenter(1), ip-netns(8), namespaces(7), setns(2), clone(2)