ChameleonCloud / chi-in-a-box

Packaging the systems and operations of the Chameleon testbed
Apache License 2.0

[CHI@Edge] Deny local network access, unless permitted by device owner #210

Closed msherman64 closed 1 year ago

msherman64 commented 2 years ago

This is a top-level issue, showing subtasks needed to support control of local network access.

The desired policy is as follows:

  1. By default, containers cannot send egress traffic to private (RFC1918) IP addresses.
  2. If a device owner permits, allow egress traffic from containers to networks attached to said device.

Subtasks to enable this: