bubblewrap
bubblewrap copied to clipboard
Published
20 hours ago •
containers
containers
RFE: slirp4netns support
Using userspace network stack like slirp4netns as an alternative to sharing network namespace could provide a more secure way to connect sandboxed apps to the internet:
- No abstract sockets leak (#330)
- No access to the "real" localhost and services listening on it (with
--disable-host-loopback) (#340) - Apps can't receive incoming connections unless there is explicit port forward (this may be a disadvantage, though)
slirp4netns or another network solution would be nice! Any plans to implement?
