Herbert Poetzl <herbert at 13thfloor.at> writes:

> On Thu, Sep 07, 2006 at 08:23:53PM +0400, Kirill Korotaev wrote:
>
> well, who said that you need to have things like RAW sockets
> or other protocols except IP, not to speak of iptable and
> routing entries ...
>
> folks who _want_ full network virtualization can use the
> more complete virtual setup and be happy ...

Exactly this was a proposal for isolation for containers that don't get CAP_NET_ADMIN, with a facility that could easily be general purpose.

Eric