Closed planetoryd closed 1 year ago
I'm still not sure what slirp4netns does under the hood or how I should use it.
https://github.com/rootless-containers/slirp4netns#motivation
It creates a TAP device inside a network namespace. Outside the sandbox it can bind to a specific address.
It doesn't sound very elegant. Process netnses are ephemeral. It means I have to call my tool each time I launch my app?
Any namespace is ephemeral. Nothing stops you from automating the process.
along with the long requested sandbox having netns with VPN
It should be already possible with slirp4netns service. (but slirp4netns is pretty buggy in general)
Description
For this exact purpose I wrote a script. https://github.com/planetoryd/netns-proxy/ Also to demonstrate what my need is.
I'm still not sure what slirp4netns does under the hood or how I should use it.
So, configuring and spawning tun2socks+dnsproxy for each process' netns, I think? IDK. It doesn't sound very elegant. Process netnses are ephemeral. It means I have to call my tool each time I launch my app?
However this feature is implemented, I'd like some official-ish support for socks5-proxied NetNSes, or custom netns in general (along with the long requested sandbox having netns with VPN TUNs)