Support static (named) network namespaces

Question

Support static (named) network namespaces

phantomcraft opened this issue 2 years ago · 3 comments

phantomcraft commented 2 years ago

It would be a good idea the support for named namespaces (that created by $ ip netns add <some_ns>).

Two or more programs could use the same network stack.

Obviously this require root privileges.

Answer 1 · 2023-10-19T04:10:26.000Z

I'm re-opening this since I think it would be useful, although I don't have any plans to work on it at the moment.

I think in general it would be useful as a way of providing the same "proxy bypass" protection for rootless docker/podman containers. You could create and run a no-network container, then start socksns with the namespace path so that the container could make external requests only through the socks port.

Allowing a namespace path should also allow named namespaces.