> The privilege requirement could be lifted I think, I guess you want to run this in an unpriv container? Yes, we have a privileged component that enters the network namespace of unprivileged containers to setup rules. So we can setup iptables rules, etc, but in our user space proxy doing things that require privileges link setting marks or IP_TRANSPARENT won't work.
