> Can I ask you both why you chose this route of creating a private network? As far as I can
> tell, by default systemd-spawn will allow the container to use the host's interface. I would
> have thought that would be adequate for most usecases?
>
> Paul
My first tests with nspwan/networkd, with a very minimal configuration
(just one eth netcl profile) left me with a working network on
container, but as you said, the container was using host interface
(enp7s0 in my case). Thus, same IP for both and no container network
"isolation".
>From SYSTEMD-NSPAWN(1)
--private-network
Disconnect networking of the container from the host. This
makes all network
interfaces unavailable in the container, with the exception
of the loopback device and
those specified with --network-interface= and configured
with --network-veth.
That is exactly what I wanted. In my case, as the container is aimed
at hosting various web apps with a static IP, I wanted to isolate the
container network from the host one.
