Neat. Thanks for the info. I was actually wondering about just that very thing (how to block a program's network access) when the audacity topic restarted.
Mason Loring Bliss wrote: > On Tue, Aug 24, 2021 at 06:41:59PM -0400, Mason Loring Bliss wrote: > >> So, whether you set it persistently or not, you start with: >> >> sudo sysctl -w kernel.unprivileged_userns_clone=1 >> >> ...and then you can run something that has no configured network: >> >> $ unshare -n ping 4.2.2.1 >> unshare: unshare failed: Operation not permitted > Didn't follow up here. One also needs to be mapped to root inside the > namespace: > > $ unshare -r -n ping 4.2.2.1 > connect: Network is unreachable > > Without that, it doesn't do much. =cough= > > > _______________________________________________ > Dng mailing list > Dng@lists.dyne.org > https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng _______________________________________________ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
