As someone who works with networks, this is a super helpful tool for offline testing. Thanks @yossarian for sharing with me!
@sethmlarson @yossarian This is cool, thanks! I didn't know about `--map-root-user` when calling unshare. :)
One issue we've stumbled upon with this sort of approach is that loopback is unavailable. But thankfully that's easily fixable as well:
```
sudo unshare --net -- sh -c "ip link set lo up; $(which tox) -e py"
```
@sethmlarson @yossarian I find it surprising that in the README exemple, the error is a EPERM. EPERM is returned when netfilter drops traffic with an OUTPUT rule. Network unreachable should be the appropriate error.
Am I missing something? Is this on Mac OS?
@x_cli @sethmlarson the example is from macOS, yeah. But note also that the Linux version uses namespacing to filter the network, not iptables!
(The reason it EPERMs on macOS is because, to my understanding, that’s the uniform errno used for sandbox checks.)
@yossarian @sethmlarson I did note that the Linux version is using namespaces