@sethmlarson @yossarian This is cool, thanks! I didn't know about `--map-root-user` when calling unshare. :)

One issue we've stumbled upon with this sort of approach is that loopback is unavailable. But thankfully that's easily fixable as well:
```
sudo unshare --net -- sh -c "ip link set lo up; $(which tox) -e py"
```

@sethmlarson @yossarian I find it surprising that in the README example, the error is an EPERM. EPERM is returned when netfilter drops traffic with an OUTPUT rule. Network unreachable should be the appropriate error.
Am I missing something? Is this on Mac OS?

@x_cli @sethmlarson the example is from macOS, yeah. But note also that the Linux version uses namespacing to filter the network, not iptables!

(The reason it EPERMs on macOS is because, to my understanding, that’s the uniform errno used for sandbox checks.)

@yossarian @sethmlarson I did note that the Linux version is using namespaces 😉. That's precisely because I knew that Linux would not return EPERM with the namespace technique that I wondered if that was an error in the README or an extract from MacOS :) Thanks for the confirmation 👍
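
The behaviour discussed in this thread can be observed directly on Linux. The following is an added example, not part of any post above and not code from the project being discussed: it runs a TCP connect inside a fresh network namespace and reports which error the sandboxed process sees, with loopback down and after `ip link set lo up`. The function names, port 9 (assumed closed) and the documentation address 192.0.2.1 are choices made for this illustration.

```shell
#!/bin/sh
# Added example: which errno does a process see inside an empty network
# namespace, before and after loopback is brought up?
PROBE_PORT=9   # assumed closed port, chosen for illustration

# True only if an unprivileged user+network namespace can be created here
# and the tools the probe needs are installed.
netns_available() {
    command -v unshare >/dev/null 2>&1 &&
    command -v ip >/dev/null 2>&1 &&
    command -v bash >/dev/null 2>&1 &&
    unshare --map-root-user --net true >/dev/null 2>&1
}

# classify <setup-command> <host>
# Runs <setup-command> in a fresh namespace, attempts a TCP connect to
# <host>:PROBE_PORT through bash's /dev/tcp, and prints the errno name
# derived from bash's error text.
classify() {
    netns_available || { echo UNAVAILABLE; return 0; }
    out=$(LC_ALL=C unshare --map-root-user --net -- bash -c \
        "$1; exec 3<>/dev/tcp/$2/$PROBE_PORT" 2>&1) && { echo CONNECTED; return 0; }
    case $out in
        *"Network is unreachable"*)  echo ENETUNREACH ;;
        *"Connection refused"*)      echo ECONNREFUSED ;;
        *"Operation not permitted"*) echo EPERM ;;
        *)                           echo OTHER ;;
    esac
}

# Loopback down: even 127.0.0.1 has no route in the new namespace.
printf 'lo down, 127.0.0.1: %s\n' "$(classify : 127.0.0.1)"
# Loopback up: local connects reach the stack; a closed port is refused.
printf 'lo up,   127.0.0.1: %s\n' "$(classify 'ip link set lo up' 127.0.0.1)"
# Loopback up does not open an outside path: no route beyond lo exists.
printf 'lo up,   192.0.2.1: %s\n' "$(classify 'ip link set lo up' 192.0.2.1)"
```

On a host that permits unprivileged user namespaces, a test suite that fails with `ENETUNREACH` on 127.0.0.1 needs the loopback fix, while `ENETUNREACH` on an external address is the sandbox working as intended.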