On 11/05/2019 17.04, Steve Dodd wrote:
> On Sat, 11 May 2019 at 02:09, Sitaram Chamarty <[email protected]> wrote:
>
> > Some other tool, if it's running as root or is suid root, can
> > still bypass wireguard, regardless of how it is set up.
>
> I suspect that can be prevented - on modern systems being root isn't
> necessarily the be-all and end-all. Capabilities and namespaces can
> still be used to constrain applications in lots of ways.

Thanks for the links. I had not read the netns page on wireguard.com
till now. The last section of that page, "the new namespace solution",
appears to do exactly this; I'm going to try that out when I get some time.

thanks again
sitaram
