Use syscall instead of subprocess

[kunaltyagi]

Currently, vpn-slice requires running as root because it has a subprocess call:

• replace_route which calls ip route replace

Running scripts with root access (even open source) is a sytem risk. By performing a syscall, we give the option to the users to:

• escalate to root (via sudo or otherwise)
• set capability at a coarse/fine level, eg: setcap cap_net_admin+ep $(which vpn-slice)

The need for writing in /etc/hosts can be eliminated by assigning it a custom group and using sg

Proposal: Use SIOCADDRT and SIOCDELRT for the ioctl calls

[dlenski]

On Linux, OpenConnect doesn't just call ip route replace. It also…

• Calls a whole bunch of other ip commands which require capabilities (e.g. ip route del, ip addr add, ip link set … mtu=X)
• It also calls iptables (for firewalling off unexpected incoming traffic)
• It also writes /etc/hosts (as you noted)

While allowing fine-grained capabilities is a worthwhile idea, it also seems like a fair amount of work.

If you want to take a crack at a PR for it, please go ahead and I'll be happy to review it.

You'd need to figure out how to replace the route, firewall, hosts, and prep provider classes on Linux with new classes that are drop-in replacements.

[kunaltyagi]

cap_net_admin would cover the ip related permissions (all of them). Let me take a look at the code (around 11 August)