Hacker News

conradev, yesterday at 5:56 PM (1 reply)

Tor does this the right way on Linux. You make a separate user namespace with access only to the WireGuard network adapter and run the program inside of that. You want the kernel involved if you want any sort of guarantee:

https://blog.torproject.org/introducing-oniux-tor-isolation-...
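The isolation conradev describes, as an added example that is neither from the thread nor from oniux: a network namespace whose only interface besides loopback is a WireGuard device, with the program started inside it so the kernel, not the program, decides which traffic path exists. The namespace name, interface name, config path and tunnel address are assumptions; the script needs root, iproute2, util-linux's setpriv and the wireguard module, while DRY_RUN=1 only prints the command sequence.

```shell
#!/bin/sh
# Added example (not from the thread or from oniux): confine a program to a
# network namespace whose only route to the outside is a WireGuard interface.
# Assumptions: Linux with iproute2, setpriv and the wireguard module, run as
# root; /etc/wireguard/wg0.conf is a placeholder path for a real peer config.
set -eu

NS="${NS:-wgonly}"                               # namespace name (assumption)
WG_IF="${WG_IF:-wg0}"
WG_CONF="${WG_CONF:-/etc/wireguard/wg0.conf}"    # placeholder path
WG_ADDR="${WG_ADDR:-10.8.0.2/24}"                # constructed tunnel address
DRY_RUN="${DRY_RUN:-0}"

# run either executes a command or, with DRY_RUN=1, prints it, so the
# sequence can be inspected without root or a WireGuard peer.
run() {
  if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Build the namespace: loopback plus a wg interface moved in from the host
# namespace. A WireGuard device keeps its UDP socket in the namespace where
# it was created (the host), so the host carries the encrypted packets while
# the inner namespace only ever sees the decrypted tunnel side.
setup_ns() {
  run ip netns add "$NS"
  run ip -n "$NS" link set lo up
  run ip link add "$WG_IF" type wireguard
  run wg setconf "$WG_IF" "$WG_CONF"
  run ip link set "$WG_IF" netns "$NS"
  run ip -n "$NS" addr add "$WG_ADDR" dev "$WG_IF"
  run ip -n "$NS" link set "$WG_IF" up
  # The only default route is the tunnel: if wg is down, there is no network.
  run ip -n "$NS" route add default dev "$WG_IF"
}

# Start the program inside the namespace as an unprivileged user. Every socket
# it opens is bound by the kernel to this namespace, so unlike a proxy setting
# in userspace there is nothing for the program to ignore or misconfigure.
run_in_ns() {
  user="$1"; shift
  run ip netns exec "$NS" setpriv --reuid="$user" --regid="$user" --init-groups "$@"
}

if [ "${1:-}" = "demo" ]; then
  setup_ns
  run_in_ns nobody curl -s https://ifconfig.example/   # placeholder URL
fi
```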


Replies

throwaway894345, yesterday at 9:07 PM

How does this work in something like Kubernetes where you have a sidebar container configuring the network for the main container without affecting others on the same host?
