viacheslavg n00b
Joined: 23 Sep 2016 Posts: 8
Posted: Fri Sep 03, 2021 1:10 pm Post subject: lightdm: run xfce4 session in network namespace
My goal is to have a dedicated network namespace for some user. Thus when the user logs in to xfce4 it should fall into a preconfigured network namespace. I'm using lightdm to start X.
Is there any way to configure this in lightdm or xfce? Maybe through ~/.xinitrc or so? Has someone already done something like this before?
Thanks.
alamahant Advocate
Joined: 23 Mar 2019 Posts: 3879
Posted: Fri Sep 03, 2021 3:27 pm Post subject:
See ip-netns:
https://man7.org/linux/man-pages/man8/ip-netns.8.html
I think you can see this kind of network namespace in cloud environments like openstack, where each tenant is assigned a vlan or vxlan which is totally isolated from other tenants.
They use stuff like ovs-bridging etc. etc. etc.
I have never heard of anyone implementing such a thing in a simple desktop setup.
What do YOU mean when you say "dedicated network namespace"?
I like the following instruction because it explains creating netns's on the fly without connecting the process to openstack.
You WILL however need to install openvswitch and create an ovs-bridge. You will need 1 or preferably 2 ethernet ifaces, and then you can create veth ifaces when the user logs in.
So put everything in an xfce start script to be run when a user logs in.
If you do meet with success, please create a "Tips and Tricks" forum entry for other people to also benefit.
https://www.cloud-native-everything.com/network-namespaces-in-5-min/
viacheslavg n00b
Joined: 23 Sep 2016 Posts: 8
Posted: Fri Sep 03, 2021 8:32 pm Post subject:
Thanks for the info.
Actually I have already set up a network namespace (using ip netns, as you mentioned). Now I want to implement a scenario where some user, upon login (either X session or console), will be "assigned" to this network namespace. In this way this particular user will have an isolated network setup (iptables, routes, etc.) and any changes he makes will not affect the "host" network.
With console login I have some progress. I can put something like `nsenter --net=/run/netns/my-ns` into .bashrc and it partially works. The user appears in the desired namespace after login but apparently he "lost" all groups. But with X login I have no progress. I don't know how to make e.g. the xfce4-session process be in my namespace.
As for the purpose of all this stuff:
I can imagine the case where one uses a PC for personal and work activity. At work you can have some network restrictions like a VPN or so. So if you need to switch frequently from "home" to "work" you will need to turn the VPN on/off or switch between VPNs etc., which is rather annoying. On the other hand, if you set up two accounts on your PC with different network namespaces you can log in to both simultaneously and just switch between them.
Or you can use a dedicated account to study Linux networking, play with netfilter, routing etc., and be sure you won't break the whole system. Also it is easy to "start from scratch": just recreate the namespace.
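Added example (not from any post in this thread, and not a lightdm or Xfce facility): one way to get the whole graphical session, xfce4-session included, into a pre-created namespace is to replace lightdm's session wrapper. Everything below is an assumption to adapt: the `session-wrapper` key of `/etc/lightdm/lightdm.conf`, the install path `/usr/local/sbin/netns-session`, the root-owned map file `/etc/netns-session.conf`, the sudoers fragment, and the namespace name `work`. Two points a practitioner would want covered are handled here: `nsenter` needs CAP_SYS_ADMIN, so the wrapper re-executes itself via a narrowly scoped `sudo` rule rather than giving the user a general root shell, and it drops back to the user with `setpriv --init-groups` so the supplementary groups are re-initialised instead of being left behind by the uid switch. The namespace is chosen by root from the root-owned map, never by the user, so the sudoers rule needs no argument wildcards. If the namespace does not exist the wrapper refuses to start rather than falling back to the host network.

```shell
#!/bin/sh
# netns-session: lightdm session wrapper that starts the user's X session inside a
# pre-created network namespace. Example code for the forum thread, not taken from
# any post; every path and setting below is an assumption.
#
# Assumed setup (script root:root 0755, map 0644, sudoers fragment 0440):
#   /etc/lightdm/lightdm.conf      [Seat:*]  session-wrapper=/usr/local/sbin/netns-session
#   /etc/netns-session.conf        one "<user> <namespace>" pair per line, e.g.  alice work
#   /etc/sudoers.d/netns-session   %netns ALL=(root) NOPASSWD: /usr/local/sbin/netns-session
#                                  Defaults!/usr/local/sbin/netns-session env_keep += "DISPLAY XAUTHORITY XDG_RUNTIME_DIR XDG_SESSION_ID XDG_SEAT XDG_VTNR DESKTOP_SESSION LANG"
#
# Flow: lightdm runs the wrapper as the user -> sudo re-runs this same script as root
# -> nsenter joins the namespace (needs CAP_SYS_ADMIN, hence root) -> setpriv drops
# back to the user and re-initialises supplementary groups -> /etc/lightdm/Xsession
# starts the session command lightdm passed in "$@" (e.g. startxfce4).

SELF=/usr/local/sbin/netns-session
NETNS_MAP=${NETNS_MAP:-/etc/netns-session.conf}
NETNS_DIR=${NETNS_DIR:-/run/netns}
XSESSION=${XSESSION:-/etc/lightdm/Xsession}

# valid_netns_name NAME: accept only [A-Za-z0-9_-], so a name from the map can never
# carry "../", whitespace or shell metacharacters into the path handed to nsenter.
valid_netns_name() {
    [ -n "$1" ] || return 1
    case $1 in *[!A-Za-z0-9_-]*) return 1 ;; esac
}

# netns_for_user USER MAPFILE: print the namespace mapped to USER, or fail if USER is
# unlisted, the map is unreadable, or the entry is malformed. '#' starts a comment line.
netns_for_user() {
    ns=$(awk -v u="$1" '$1 ~ /^#/ { next } $1 == u && NF == 2 { print $2; exit }' "$2" 2>/dev/null) || ns=
    valid_netns_name "$ns" || return 1
    printf '%s\n' "$ns"
}

# Unprivileged half: listed users hand off to the root half, everyone else gets a
# normal un-namespaced session.
as_user() {
    if netns_for_user "$(id -un)" "$NETNS_MAP" >/dev/null; then
        exec sudo -n "$SELF" "$@"
    fi
    exec "$XSESSION" "$@"
}

# Privileged half (entered via sudo, so SUDO_USER/SUDO_UID/SUDO_GID are set by sudo).
as_root() {
    [ -n "$SUDO_USER" ] || { echo "$SELF: must be invoked via sudo" >&2; exit 1; }
    ns=$(netns_for_user "$SUDO_USER" "$NETNS_MAP") || { echo "$SELF: no namespace mapped for $SUDO_USER" >&2; exit 1; }
    # Fail closed: a missing namespace must not silently become a session on the host network.
    [ -e "$NETNS_DIR/$ns" ] || { echo "$SELF: $NETNS_DIR/$ns does not exist; refusing to start an un-isolated session" >&2; exit 1; }
    pwent=$(getent passwd "$SUDO_USER") || exit 1
    home=$(printf '%s\n' "$pwent" | cut -d: -f6)
    shell=$(printf '%s\n' "$pwent" | cut -d: -f7)
    # Only the network namespace is changed (--net), so /run/netns, $HOME and the X socket
    # under /tmp/.X11-unix stay visible. sudo reset HOME/USER/SHELL to root's, so set them back.
    exec /usr/bin/nsenter "--net=$NETNS_DIR/$ns" -- \
        /usr/bin/setpriv "--reuid=$SUDO_UID" "--regid=$SUDO_GID" --init-groups -- \
        /usr/bin/env "HOME=$home" "USER=$SUDO_USER" "LOGNAME=$SUDO_USER" "SHELL=$shell" \
        "$XSESSION" "$@"
}

# Dispatch only when run as the installed wrapper, so the file can be sourced for testing.
case $0 in
    */netns-session)
        if [ "$(id -u)" -eq 0 ]; then as_root "$@"; else as_user "$@"; fi ;;
esac
```

The namespace has to exist before the user logs in (for example a boot-time unit running `ip netns add work` and `ip -n work link set lo up`; without `lo` up, local D-Bus and X connections inside the namespace misbehave). X clients still reach the display from inside the namespace: the abstract `@/tmp/.X11-unix/X0` socket is per network namespace, but libxcb falls back to the filesystem socket `/tmp/.X11-unix/X0`, which is shared because only the network namespace was changed. Keep the `env_keep` list to what the session needs; every variable added there is one the user controls when the privileged half runs.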