Oniux - how can I access a localhost service

I understand Oniux separates out everything. Are there any options to allow the bypass for a localhost service?

You can access some local services (over TCP or UDP) with the help of slirp4netns.

Example

Terminal 1: start oniux and print the inode number of the new network namespace

(host)$ ./oniux sh
(namespace)$ ls -l /proc/self/ns/net
… /proc/self/ns/net -> net:[4000000001]

Terminal 2: find the related PID of this network namespace

(host)$ lsns --type net|grep 4000000001
4000000001 net       2   3000 haha unassigned      ./oniux sh

Terminal 2: create a TAP device in this network namespace

(host)$ nsenter --preserve-credentials --keep-caps --target 3000 --user --net
(namespace)$ ip tuntap add mode tap name tap0
(namespace)$ ip addr add 10.0.2.100/24 dev tap0
(namespace)$ ip addr add fd00::100/64 dev tap0
(namespace)$ ip link set tap0 up
(namespace)$ ip route add 10.0.2.0/24 dev tap0 via 10.0.2.2
(namespace)$ ip route add fd00::/64 dev tap0 via fd00::2
(namespace)$ exit

Terminal 2: start slirp4netns

(host)$ slirp4netns --enable-ipv6 3000 tap0

Terminal 1: try accessing some local services

(namespace)$ nc 10.0.2.2 65535
# 127.0.0.1:65535
(namespace)$ nc -u fd00::2 65535
# [::1]:65535
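
Added example, not part of the answer above: once slirp4netns is attached, every process in that network namespace can reach the host's loopback services through 10.0.2.2 and fd00::2, so it is worth listing all of them rather than only the one PID picked from `lsns`. This sketch does the same inode-to-PID lookup by reading /proc directly; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: map a network-namespace inode (the number inside
# "net:[...]") to the PIDs living in that namespace, using only /proc.

# Print the netns inode of PID $1, e.g. 4000000001 for "net:[4000000001]".
# Fails if the process does not exist or its ns link is not readable.
netns_inode() {
    link=$(readlink "/proc/$1/ns/net" 2>/dev/null) || return 1
    case $link in
        'net:['*']') ;;
        *) return 1 ;;
    esac
    link=${link#'net:['}
    link=${link%']'}
    printf '%s\n' "$link"
}

# Print every visible PID whose network namespace has inode $1.
# Without privileges only your own processes are readable; others are skipped.
pids_in_netns() {
    want=$1
    for dir in /proc/[0-9]*; do
        pid=${dir#/proc/}
        ino=$(netns_inode "$pid") || continue
        if [ "$ino" = "$want" ]; then
            printf '%s\n' "$pid"
        fi
    done
    return 0
}

# Stand-alone use: sh script.sh <inode>   (e.g. the number printed by
# "ls -l /proc/self/ns/net" inside the oniux shell)
if [ "$#" -gt 0 ]; then
    pids_in_netns "$1"
fi
```

Any PID it prints is a valid `--target` for nsenter and a valid first argument for slirp4netns, and the full list shows what else shares the namespace.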

Thank you for the information. I haven’t had a chance to try it yet, but as soon as I do, I’ll come back and update this again.

OK, finally getting around to trying this. Everything went well until I tried to run the command with --keep-caps. Evidently Debian’s version (I’m on the latest release with all updates) of nsenter doesn’t support --keep-caps yet, so I’ll have to find a way to work around that.

I tried the nsenter command without --keep-caps and it returned to the prompt, but when I tried ip tuntap… it said ioctl(TUNSETIFF): Operation not permitted.

I’m running Oniux as a user, not root, and these commands as that same user. Do I need to sudo these commands first?