igo95862 / bubblejail

Bubblewrap based sandboxing for desktop applications

Ability to use a netns proxied with socks5 #52

Closed planetoryd closed 1 year ago

planetoryd commented 1 year ago

Description

For this exact purpose I wrote a script. https://github.com/planetoryd/netns-proxy/ Also to demonstrate what my need is.

I'm still not sure what slirp4netns does under the hood or how should I use it.

If you want your tool to integrate with flatpak you should make it be able to configure existing network namespaces just like slirp4netns does.

So, configuring and spawning tun2socks+dnsproxy for each process' netns, I think? IDK. It doesn't sound very elegant. Process netnses are ephemeral. It means I have to call my tool each time I launch my app?

However this feature is implemented, I'd like some official-ish support for socks5-proxied NetNSes, or custom netns in general (along with the long requested sandbox having netns with VPN TUNs)

igo95862 commented 1 year ago

> I'm still not sure what slirp4netns does under the hood or how should I use it.

https://github.com/rootless-containers/slirp4netns#motivation

It creates a TAP device inside a network namespace. Outside the sandbox it can bind to a specific address.

> It doesn't sound very elegant. Process netnses are ephemeral. It means I have to call my tool each time I launch my app?

Any namespace is ephemeral. Nothing stops you from automating the process.

> along with the long requested sandbox having netns with VPN

It should already be possible with the slirp4netns service. (But slirp4netns is pretty buggy in general.)