Closed tril0byte closed 1 year ago
updating the /etc/hosts should be filtered to only allow the specific domain netmaker is in control of
netclient will not be making exec calls to wg-quick but rather through direct library calls the library calls make changes to networks and routing (as a minimum netclient needs to add a route for the wireguard network) .. in the case of gateways, netclient also need to make change to netfilter in kernel the same way iptables(or nftables does)
All these require root.
That being said, running without root is being investigated but will not be available in the near future
unprivileged netclient GUI available in v0.19.0
I want to run netclient as a normal user. If the netmaker server is compromised, the netclient should only be permitted to affect wireguard tunnels. This has several requirements:
What else does netclient need root for?