How to spawn a thread into a network namespace?

  • Question

  • Hello people,

    I've written a Rust library for Linux which allows spawning a process into an isolated network namespace. The spawned process shares virtual memory and file descriptors with the parent (essentially just acting as a thread) but has its own view of the machine's network interfaces, routing table etc. On Linux this is implemented using `clone(CLONE_NEWNET | CLONE_NEWUSER ...)`. See here ( for some examples of this library in use.

    I want to try and port this library to Windows. Is this possible? What APIs do I need to look at? From my googling I can't figure out what APIs exist on Windows for creating containers and how much fine-grained control they give. E.g. is it possible to containerize just the networking aspect of a single thread/process?

    Any help would be great. I don't have much experience with Windows' APIs.

    Friday, March 23, 2018 7:29 AM
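
The Linux mechanism the question describes, as an added C example (not code from the poster's library): a child created with `clone(CLONE_VM | CLONE_FILES | CLONE_NEWUSER | CLONE_NEWNET)` writes into the parent's memory yet reports a different network namespace. The function names, buffer sizes and the use of `/proc/self/ns/net` to identify the namespace are assumptions of this example.

```c
#define _GNU_SOURCE
#include <sched.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

#define STACK_SIZE (256 * 1024)
#define NS_LINK "/proc/self/ns/net"   /* resolves to e.g. "net:[<inode>]" */

/* Read the caller's network-namespace identity into out. */
static int read_netns(char *out, size_t len) {
    ssize_t n = readlink(NS_LINK, out, len - 1);
    if (n < 0) return -1;
    out[n] = '\0';
    return 0;
}

/* Runs in the child. arg points at a buffer owned by the parent; the write
 * reaches the parent only because CLONE_VM shares the address space. */
static int child_fn(void *arg) {
    return read_netns((char *)arg, 64) == 0 ? 0 : 1;
}

/* Returns 1 if the child ran in a different network namespace, 0 if it
 * shared the parent's, -1 if clone or the lookup failed (for example where
 * unprivileged user namespaces are disabled or filtered by seccomp). */
int child_netns_is_isolated(void) {
    char parent_ns[64] = "", child_ns[64] = "";
    char *stack = malloc(STACK_SIZE);
    if (!stack || read_netns(parent_ns, sizeof parent_ns) != 0) { free(stack); return -1; }
    pid_t pid = clone(child_fn, stack + STACK_SIZE,   /* stack grows down */
                      CLONE_VM | CLONE_FILES | CLONE_NEWUSER | CLONE_NEWNET | SIGCHLD,
                      child_ns);
    int status = 0;
    int ok = pid != -1 && waitpid(pid, &status, 0) == pid
             && WIFEXITED(status) && WEXITSTATUS(status) == 0;
    free(stack);
    if (!ok) return -1;
    printf("parent %s, child %s\n", parent_ns, child_ns);
    return strcmp(parent_ns, child_ns) != 0;
}

int main(void) {
    int r = child_netns_is_isolated();
    printf("isolated: %d\n", r);
    return r == 1 ? 0 : 1;
}
```

`CLONE_NEWUSER` is what lets an unprivileged caller create the network namespace; without it `CLONE_NEWNET` requires `CAP_SYS_ADMIN`.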