Add network namespaces for users #103

KellerFuchs · 2016-08-06T20:35:56Z

Do not merge, there are some important parts missing:

DHCP (or whichever other way of allocating addresses) and NAT for IPv4 networking;
fixing resolv.conf, as Unbound doesn't listen on 127.0.0.1 in the user's netns;
computing the user's IPv6 address;
actually putting the user in the network namespace.

Moreover, this probably breaks our current identd setup.

Todo: - add DHCP and NAT setup for IPv4 - add pam_network_namespace to actually make the user enter the namespace

RD/RA should take care of it

- Avoid non-POSIX keywords (function, source) - Use proper quoting - Do not return strings - Avoid [ X -a Y ], as it isn't well-defined

KellerFuchs · 2017-01-04T11:37:10Z

@lrvick Rebased this on the IPv6 branch, so that we can see more easily how it fits with the example config.

daveloyall · 2017-11-03T21:27:37Z

Drive by observation: if outgoing connections are bound to a user's IP (or range? I don't know much about IPv6), the IRC network operators will no longer care about identd operation. The can manage connections (ie, issue bans) based on the IP.

daurnimator · 2017-11-03T23:05:01Z

Drive by observation: if outgoing connections are bound to a user's IP (or range? I don't know much about IPv6), the IRC network operators will no longer care about identd operation. The can manage connections (ie, issue bans) based on the IP.

Users still NAT to the ipv4 internet via the server's main ip.

KellerFuchs assigned daurnimator and lrvick Aug 8, 2016

KellerFuchs mentioned this pull request Oct 28, 2016

gnupg: Update KellerFuchs' key #113

Merged

KellerFuchs force-pushed the netns branch from b73788f to 5ad0d82 Compare December 24, 2016 14:21

KellerFuchs force-pushed the netns branch from 5ad0d82 to 352eeca Compare January 4, 2017 10:42

KellerFuchs added 8 commits January 4, 2017 11:51

Add user network namespaces (INCOMPLETE)

d721e37

Todo: - add DHCP and NAT setup for IPv4 - add pam_network_namespace to actually make the user enter the namespace

netns: Correctly exit if the netns already exists

e813d35

netns: Resolve UID and ignore system users

9e3175c

netns: Construct user's IPv6

c084e0b

netns: Make the default bridge br-users

82bae63

netns: Refactor, introduce an in_ns function

8deea96

netns: No need to manually add routes

f25500f

RD/RA should take care of it

netns: Shellcheck fixups

671205a

- Avoid non-POSIX keywords (function, source) - Use proper quoting - Do not return strings - Avoid [ X -a Y ], as it isn't well-defined

KellerFuchs force-pushed the netns branch from 352eeca to 671205a Compare January 4, 2017 10:52

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Add network namespaces for users #103

Add network namespaces for users #103

KellerFuchs commented Aug 6, 2016 •

edited

Loading

KellerFuchs commented Jan 4, 2017

daveloyall commented Nov 3, 2017

daurnimator commented Nov 3, 2017

Add network namespaces for users #103

Are you sure you want to change the base?

Add network namespaces for users #103

Conversation

KellerFuchs commented Aug 6, 2016 • edited Loading

KellerFuchs commented Jan 4, 2017

daveloyall commented Nov 3, 2017

daurnimator commented Nov 3, 2017

KellerFuchs commented Aug 6, 2016 •

edited

Loading