Userchroot currently does not provide any support for network sandboxing.
On Linux it would be reasonably straightforward to update the clone to use CLONE_NEWNET.
I think this should probably be done behind a compile-time switch to support any existing user who might be relying on network access in the sandbox.
Userchroot currently does not provide any support for network sandboxing.
On Linux it would be reasonably straightforward to update the clone to use
CLONE_NEWNET.I think this should probably be done behind a compile-time switch to support any existing user who might be relying on network access in the sandbox.