| View previous topic :: View next topic |
| Author |
Message |
wanne32
n00b
Joined: 11 Nov 2023
Posts: 55
|
 Posted: Thu May 16, 2024 9:07 am Post subject: [solved]Disabeling network per shell |
 |
|
I like users to be able to disconnect application from the internet.
I more or less have a solution by creating a suid binary that determines the calling uid adds/removes a rule with the skuid to nftables. So I start with calling that, starting the program and removing it afterwards.
But this has 2 drawbacks:
a) While the program is running, no other program of the same user will have access to the internet.
b) I have to create a suid-binary – even so it is a quite simple one.
So I am searching for a way to restrict the internet access for a given shell or a process with all its children (including double-forks).
Last edited by wanne32 on Thu May 16, 2024 11:52 am; edited 3 times in total |
|
| Back to top |
|
 |
szatox
Advocate
Joined: 27 Aug 2013
Posts: 3180
|
| Posted: Thu May 16, 2024 9:17 am Post subject: |
|
|
Looks like you're looking for "network namespace".
Check out man ip-netns, it's only 2 pages long and actually tells you how to use it. (Which, unfortunately, is not that common)
_________________
Make Computing Fun Again |
|
| Back to top |
|
|
wanne32
n00b
Joined: 11 Nov 2023
Posts: 55
|
| Posted: Thu May 16, 2024 11:54 am Post subject: |
|
|
I didn't know that you can run ip netns exec as normal user. Wanted to complain about the need of root rights first, then tried it first...
Thanks! Creating an "empty" ns is beautiful simple! |
|
| Back to top |
|
|
|
Networking & Security
