toke/nsrun
Network namespace runner

Execute program in an existing network namespace.

Warning: This program needs elevated permissions to do its job. It also allows joining network namespaces of other processes running as root, and maybe escaping them again! It is not a tool to make your processes "secure"!

Make sure to understand the implications.

In most cases, tools such as firejail, nsenter and others may be more capable.

For more information, see the wiki.

Why?

The main purpose of this tool is currently to run programs within a different network namespace, for example a VPN-only namespace. This allows the network traffic of that program to be contained.

Build

make
sudo chown root:nsrun nsrun
sudo chmod 4754 nsrun

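Create a group nsrun and add yourself to it. The group has to exist before the chown above can succeed. Mode 4754 makes the binary setuid root and executable only by root and members of nsrun, so membership in that group decides who can use it.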

Usage

Join a named network namespace:

NAMESPACE=/var/run/netns/mynamespace
./nsrun "$NAMESPACE" /usr/bin/bash -l

Join a namespace of another process:

NAMESPACE=/proc/PID/ns/net
./nsrun "$NAMESPACE" /usr/bin/bash -l
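
The setuid bit from the Build step and the warning above both follow from how a helper of this kind has to work: it needs root to join the namespace and should be an ordinary user again before it runs the target program. The following is an added example, not nsrun's own source, of that sequence; the function names join_netns and drop_privileges are hypothetical.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <sched.h>
#include <stdio.h>
#include <unistd.h>

/* Fallbacks in case _GNU_SOURCE was not in effect for <sched.h>. */
#ifndef CLONE_NEWNET
#define CLONE_NEWNET 0x40000000
#endif
int setns(int fd, int nstype);

/* Join the network namespace at ns_path; 0 on success, -1 on failure. */
int join_netns(const char *ns_path)
{
    int fd = open(ns_path, O_RDONLY | O_CLOEXEC);
    if (fd < 0)
        return -1;
    /* CLONE_NEWNET (not 0): the kernel then refuses non-netns files. */
    int rc = setns(fd, CLONE_NEWNET);
    close(fd);
    return rc == 0 ? 0 : -1;
}

/* Permanently return to the invoking user; 0 on success, -1 on failure. */
int drop_privileges(void)
{
    uid_t uid = getuid();
    /* Group first: once the uid is dropped, setgid() may be refused. */
    if (setgid(getgid()) != 0 || setuid(uid) != 0)
        return -1;
    /* Verify the drop: a non-root caller must not be able to regain root. */
    return (uid != 0 && setuid(0) == 0) ? -1 : 0;
}

int main(int argc, char **argv)
{
    if (argc < 3) {
        fprintf(stderr, "usage: %s NAMESPACE PROGRAM [ARGS...]\n", argv[0]);
        return 2;
    }
    if (join_netns(argv[1]) != 0 || drop_privileges() != 0) {
        perror("setup");
        return 1;
    }
    execv(argv[2], &argv[2]);   /* absolute path, no PATH search */
    perror("execv");
    return 1;
}
```

Skipping the privilege drop, or ignoring its return value, would leave the target program running as root inside the namespace.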
