On Tue, Aug 24, 2021 at 06:41:59PM -0400, Mason Loring Bliss wrote:

> So, whether you set it persistently or not, you start with:
> 
>     sudo sysctl -w kernel.unprivileged_userns_clone=1
> 
> ...and then you can run something that has no configured network:
> 
>     $ unshare -n ping 4.2.2.1
>     unshare: unshare failed: Operation not permitted

Didn't follow up here. One also needs to be mapped to root inside the
namespace:

    $ unshare -r -n ping 4.2.2.1
    connect: Network is unreachable

Without that, it doesn't do much. =cough=

-- 
Mason Loring Bliss  ((   If I have not seen as far as others, it is because
 ma...@blisses.org   ))   giants were standing on my shoulders. - Hal Abelson
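
The two `unshare` invocations above, reduced to their system calls, as an added example that is not part of the original message. The helper names (`put`, `isolate_and_probe`, `run_probe`) and the return codes are this example's own. A UDP `connect()` to port 53 stands in for ping's route lookup, which is an assumption of the example.

```c
#define _GNU_SOURCE
#include <arpa/inet.h>
#include <errno.h>
#include <fcntl.h>
#include <sched.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

static int put(const char *path, const char *s) {   /* single write() to a /proc file */
    int fd = open(path, O_WRONLY);
    int rc = (fd >= 0 && write(fd, s, strlen(s)) == (ssize_t)strlen(s)) ? 0 : -1;
    if (fd >= 0) close(fd);
    return rc;
}

/* Runs in a child. 0 = namespace created and destination unreachable,
 * 1 = kernel refused a step (reason on stderr), 2 = connect() was not ENETUNREACH. */
static int isolate_and_probe(int map_root) {
    char map[32]; unsigned uid = getuid(), gid = getgid();  /* read ids before unsharing */
    if (map_root) {                                   /* what "unshare -r" does */
        if (unshare(CLONE_NEWUSER)) { perror("unshare(CLONE_NEWUSER)"); return 1; }
        snprintf(map, sizeof map, "0 %u 1", uid);
        if (put("/proc/self/uid_map", map)) { perror("uid_map"); return 1; }
        put("/proc/self/setgroups", "deny");          /* must precede gid_map when unprivileged */
        snprintf(map, sizeof map, "0 %u 1", gid);
        if (put("/proc/self/gid_map", map)) { perror("gid_map"); return 1; }
    }
    if (unshare(CLONE_NEWNET)) { perror("unshare(CLONE_NEWNET)"); return 1; }  /* "-n" */
    struct sockaddr_in dst = { .sin_family = AF_INET, .sin_port = htons(53),
                               .sin_addr.s_addr = htonl(0x04020201) };  /* 4.2.2.1 */
    int s = socket(AF_INET, SOCK_DGRAM, 0);           /* UDP connect: route lookup, no packet */
    if (s < 0) { perror("socket"); return 1; }
    return (connect(s, (struct sockaddr *)&dst, sizeof dst) < 0 && errno == ENETUNREACH) ? 0 : 2;
}

int run_probe(int map_root) {                         /* fork so the caller keeps its namespaces */
    int st = 0;
    pid_t pid = fork();
    if (pid == 0) _exit(isolate_and_probe(map_root));
    if (pid < 0 || waitpid(pid, &st, 0) < 0 || !WIFEXITED(st)) return 1;
    return WEXITSTATUS(st);
}

int main(void) {
    printf("unshare -n: %d\nunshare -r -n: %d\n", run_probe(0), run_probe(1));
    return 0;
}
```

Run as an unprivileged user with `kernel.unprivileged_userns_clone=0`, both probes report 1, because `unshare(CLONE_NEWUSER)` itself is refused.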
