On Wed, 2020-11-18 at 11:51 +0100, Roberto Ragusa wrote:
> [snip]
> Very good idea, namespaces are a very powerful tool that many people
> ignore.
>
> I sometimes want to run a program without allowing any network access,
> my approach is:
>
>    unshare -n /bin/bash
>
> this will give you a shell where everything can be run, but ifconfig -a will
> show you that there is no network interfaces (localhost is missing too).
>
> In your case you should play with the VPN in the secondary namespace,
> where you have to arrange a way to have some way traffic out, so that
> the VPN can work.
> The idea of letting podman do all the setup and then "borrow" the namespace
> for something out of the container is very smart.
>
> ("container" is a meaningless word; the kernel only knows about namespaces,
> you can use or not each of them, in your case network is all you need...)
>
> Best regards.
>
> --
>    Roberto Ragusa    mail at robertoragusa.it
>

I'd like to say thanks to everybody who responded. I don't know much
about containers, so I'll have to do some self-educating to see if
these are good solutions -- but they certainly look like a good place
to dig around in. I appreciate the help. If I get a solution, I'll
check back in and let folk know how it turned out.

billo
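The `unshare -n` approach quoted above, as an added example that is not part of the original thread: a guard script that runs inside the new namespace and only starts the program after confirming, from `/proc/net/dev` and `/proc/net/route`, that nothing beyond a loopback device and no IPv4 routes are visible. The script name `offline-guard.sh` and the function names are hypothetical.

```shell
#!/bin/sh
# offline-guard.sh (hypothetical name) - added example, not from the thread.
# Intended use, from the host shell:
#   unshare -n  ./offline-guard.sh program args...   (as root)
#   unshare -rn ./offline-guard.sh program args...   (unprivileged; assumes
#                                   user namespaces are enabled on the host)
# /proc/net is per network namespace, so these files describe the
# namespace this script is running in, not the host.

# Print interface names from a /proc/net/dev-format file.
list_ifaces() {
    # The first two lines are column headers; each name ends with ':'.
    awk 'NR > 2 { sub(/:.*/, "", $1); print $1 }' "${1:-/proc/net/dev}"
}

# Print the number of IPv4 routes in a /proc/net/route-format file.
count_routes() {
    # One header line, then one line per route.
    awk 'NR > 1 && NF { n++ } END { print n + 0 }' "${1:-/proc/net/route}"
}

# Succeed only if no interface other than loopback exists and the
# routing table is empty. Arguments are optional file overrides.
is_isolated() {
    others=$(list_ifaces "$1" | awk '$0 != "lo" { n++ } END { print n + 0 }')
    [ "$others" -eq 0 ] && [ "$(count_routes "$2")" -eq 0 ]
}

# When given a command, verify isolation first and refuse to run otherwise.
if [ "$#" -gt 0 ]; then
    if ! is_isolated; then
        echo "offline-guard: network still reachable, refusing to run:" >&2
        list_ifaces | sed 's/^/  interface: /' >&2
        exit 1
    fi
    exec "$@"
fi
```

Run without `unshare` the guard exits with status 1 and lists the host's interfaces, which catches the case where the wrapper was forgotten.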