$ sandlock run -r /usr -r /lib -r /etc --net-connect 443 -- curl -sSL https://example.com
<!doctype html><html lang="en"><head><title>Example Domain</title><meta name="viewport" content="width=device-width, initial-scale=1"><style>body{background:#eee;width:60vw;margin:15vh auto;font-family:system-ui,sans-serif}h1{font-size:1.5em}div{opacity:0.8}a:link,a:visited{color:#348}</style></head><body><div><h1>Example Domain</h1><p>This domain is for use in documentation examples without needing permission. Avoid use in operations.</p><p><a href="https://iana.org/domains/example">Learn more</a></p></div></body></html>
$ sandlock run -r /usr -r /lib -r /etc --net-allow-host example.com -- curl -sSL https://example.com
curl: (7) Failed to connect to example.com port 443 after 1 ms: Could not connect to server
The --net-allow-host option does not work.
How can I configure the system to allow all network traffic by default? Do the option values support wildcards? Please update the Readme to accurately describe the default behavior and the functional boundaries of each component.
The HTTP network request restrictions are implemented using a transparent proxy. Does this mean I need to handle the certificates myself in order to use it?