2

In linux you can create network namespaces, using the ip command. But you need to be root to run that command. However you can still create network namespaces as a regular user using unshare -rUn. With this command, the new network namespace will be owned by a restricted user namespace.

With a new network namespace i can't connect to internet. Creating a veth pair requires root, is there a way to allow my network namespace to connect to the internet without root?. I know that many features like sharing the physical network with the namespace would not be possible. Can you create virtual interfaces like tun0 in a restricted network namespace.

With a network namespace owned by a regular user, you can for example run openvpn without root.

$ create-network-namespace
$ openvpn home.ovpn
$ google-chrome
Improve this question

1 Answer 1

Reset to default
3

I found the solution, there already exists a project on github which creates a virtual tap device in the namespace and uses the socket syscall in the host namespace. Every packet sended through TAP will be transformed to a socket operation.

https://github.com/rootless-containers/slirp4netns

Improve this answer

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.