On Fri, May 6, 2016, at 04:51 PM, Muayyad AlSadi wrote:
> What I'm considering is not a complex daemon/service that create the
> container but just create veth pair.
> Unc proof of concept uses two separated binaries unc that creates
> container and unet which is the setuid that configure it's network
It'd likely be interesting for bubblewrap to support some mechanism for
passing in an externally-configured network namespace. I can see
various use cases for that.
Concretely, one might want to disallow access to the active VPN tunnel,
or use a packet filter.
I filed https://github.com/projectatomic/bubblewrap/issues/61
