From: "Toke Høiland-Jørgensen" <toke@toke.dk>
To: "Jason A. Donenfeld" <Jason@zx2c4.com>
Cc: Julian Orth <ju.orth@gmail.com>,
WireGuard mailing list <wireguard@lists.zx2c4.com>
Subject: Re: network namespace wireguard routing [Was: Re: Userspace Networking Stack + WireGuard + Go]
Date: Thu, 14 Jan 2021 11:44:45 +0100
Message-ID: <87mtxbsspu.fsf@toke.dk>
In-Reply-To: <CAHmME9rMJ2R3X0iUdYZhGfL6+J0xRyrnvmBws-6T4itP0tZFmA@mail.gmail.com>

"Jason A. Donenfeld" <Jason@zx2c4.com> writes:
> On Wed, Jan 13, 2021 at 5:46 PM Toke Høiland-Jørgensen <toke@toke.dk> wrote:
>> 5. also requires CAP_SYS_ADMIN (and I think by extension, so does 3.,
>> and 4.). From 'man setns':
>>
>> Network, IPC, time, and UTS namespaces
>> In order to reassociate itself with a new network, IPC,
>> time, or UTS namespace, the caller must have the
>> CAP_SYS_ADMIN capability both in its own user namespace
>> and in the user namespace that owns the target namespace.
>
> For this, you just create a new user namespace first. You can try it
> yourself from the command line:
>
> zx2c4@thinkpad ~ $ unshare -n
> unshare: unshare failed: Operation not permitted
> zx2c4@thinkpad ~ $ unshare -Un
> nobody@thinkpad ~ $ ip a
> 1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN group default qlen 1000
> link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

Ah, right, of course, silly me :)

-Toke
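
The point settled in this exchange, as an added example that is not part of the original messages: a C probe that repeats `unshare -n` and `unshare -Un` in forked children and checks that CAP_SYS_ADMIN becomes effective once the process is inside its own user namespace. The function names and the 200/201 exit codes are assumptions made for this illustration.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <linux/capability.h>   /* CAP_SYS_ADMIN, capget structures */
#include <linux/sched.h>        /* CLONE_NEWUSER, CLONE_NEWNET */
#include <stdio.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

enum { NO_USERNS = 200, NO_CAP = 201 };  /* constructed exit codes, above any errno */

/* 1 if CAP_SYS_ADMIN is in the caller's effective set, 0 if not, -1 on error. */
static int has_cap_sys_admin(void) {
    struct __user_cap_header_struct hdr = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct data[2];
    if (syscall(SYS_capget, &hdr, data) != 0) return -1;
    return (data[0].effective >> CAP_SYS_ADMIN) & 1;
}

/* Equivalent of `unshare -n`: 0 on success, otherwise errno. */
static int netns_only(void) {
    return syscall(SYS_unshare, CLONE_NEWNET) ? errno : 0;
}

/* Equivalent of `unshare -Un`, split in two steps to show where the capability appears. */
static int userns_then_netns(void) {
    if (syscall(SYS_unshare, CLONE_NEWUSER)) return NO_USERNS;  /* disabled or filtered */
    if (has_cap_sys_admin() != 1) return NO_CAP;  /* full caps expected in the new userns */
    return syscall(SYS_unshare, CLONE_NEWNET) ? errno : 0;
}

/* Run fn in a forked child so the caller's own namespaces never change. */
static int in_child(int (*fn)(void)) {
    int status;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) _exit(fn());
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status);
}

int probe_netns_only(void)   { return in_child(netns_only); }
int probe_userns_netns(void) { return in_child(userns_then_netns); }

int main(void) {
    printf("unshare(CLONE_NEWNET) alone:      %d\n", probe_netns_only());
    printf("CLONE_NEWUSER, then CLONE_NEWNET: %d\n", probe_userns_netns());
    return 0;
}
```

Run as an ordinary user, the first line normally prints 1 (EPERM) and the second 0; a host that restricts unprivileged user namespaces through sysctl, seccomp or LSM policy reports 200 or an errno on the second line instead.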