genuinetools / img

Standalone, daemon-less, unprivileged Dockerfile and OCI compatible container image builder.
https://blog.jessfraz.com/post/building-container-images-securely-on-kubernetes/
MIT License

Proposal: use slirp with unprivileged userns #16

Open AkihiroSuda opened 6 years ago

AkihiroSuda commented 6 years ago

(demo: https://github.com/AkihiroSuda/runrootless/tree/master/misc/vde)

Slirp is slow and exposing container ports is troublesome, but I think it is ok for image building.

Another idea is to use a SUID binary as in lxc-user-net, but it is less secure.

jessfraz commented 6 years ago

yes that would be awesome!!!

jessfraz commented 6 years ago

I gave you push access too if you want it :)

AkihiroSuda commented 6 years ago

Thank you for giving me the push access 😄

cyphar commented 6 years ago

By the way, we really should have an OCI hook for slirp (like CNI or netns) so you don't have to run all the commands by a higher-level management process.

AkihiroSuda commented 6 years ago

Yes, I think we can implement it using libslirp

AkihiroSuda commented 6 years ago

Looks like we should use https://github.com/google/netstack instead to avoid an extra dependency.

jessfraz commented 6 years ago

ah yeah the netstack stuff is dope :) i know @crawshaw worked on that :)