On 2020-11-17 20:14, Jorge Fábregas wrote:
Ok, I've just did it now. I launched my VPN within a container. Then
on my host I searched for the $PID of the process and then:
nsenter -t $PID -n firefox
Now Firefox shares the network namepsace of the running container
(without having to create a "firefox container" beforehand...).
Very good idea, namespaces are a very powerful tool that many people ignore.
I sometimes want to run a program without allowing any network access,
my approach is:
unshare -n /bin/bash
this will give you a shell where everything can be run, but ifconfig -a will
show you that there is no network interfaces (localhost is missing too).
In your case you should play with the VPN in the secondary namespace,
where you have to arrange a way to have some way traffic out, so that
the VPN can work.
The idea of letting podman do all the setup and then "borrow" the namespace
for something out of the container is very smart.
("container" is a meaningless word; the kernel only knows about namespaces,
you can use or not each of them, in your case network is all you need...)
Best regards.
--
Roberto Ragusa mail at robertoragusa.it
_______________________________________________
users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx
