
Alternative Home directories via Linux Namespaces


nilcons/ah

Usecases

Isolating untrusted stuff from Google, Steam, Facebook, etc.

Running tcpdump against a single application on a noisy desktop.

Debugging stuff that "tarbombs" your home directory on first run (e.g. bazel).

Networking

On the host, enable IP forwarding and NAT for the environments' 100.110.0.0/16 range:

```
sudo sysctl -w net.ipv4.ip_forward=1
sudo iptables -I FORWARD -j ACCEPT -s 100.110.0.0/16
sudo iptables -t nat -I POSTROUTING -j MASQUERADE -s 100.110.0.0/16
```

TODO: support multiple concurrent AH environments, by

  • allocating IPs in a 100.110/16 (via hashing based on the name),
  • bridging the veths together in a bridge on the host.
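
One way the name-hashed allocation in the first item could work, as an added example that is not code from the ah repository. It assumes `cksum` (CRC-32) as the hash, host number 1 reserved for a host-side bridge address, and linear probing on collisions; all function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the ah repository): deterministic address
# allocation for named environments inside 100.110.0.0/16.
# Assumptions: cksum (CRC-32) as the hash, host 1 reserved for a host-side
# bridge address, linear probing when two names land on the same slot.

AH_PREFIX="100.110"
AH_SLOTS=65533        # host numbers 2..65534; 0, 1 and 65535 are reserved

# Host number (0..65535) -> dotted address in the /16.
ah_host_to_ip() {
    printf '%s.%d.%d\n' "$AH_PREFIX" $(( $1 / 256 )) $(( $1 % 256 ))
}

# Environment name -> preferred host number in 2..65534.
ah_name_to_host() (
    crc=$(printf '%s' "$1" | cksum | cut -d' ' -f1)
    echo $(( $crc % $AH_SLOTS + 2 ))
)

# Next slot after a collision, wrapping from 65534 back to 2.
ah_next_host() {
    echo $(( ($1 - 1) % $AH_SLOTS + 2 ))
}

# ah_alloc_ip NAME [USED_IP...]: address for NAME, skipping addresses that
# are already assigned to other environments.
ah_alloc_ip() (
    name=$1; shift
    host=$(ah_name_to_host "$name")
    tries=0
    while [ "$tries" -lt "$AH_SLOTS" ]; do
        ip=$(ah_host_to_ip "$host")
        case " $* " in
            *" $ip "*) ;;                  # taken: probe the next slot
            *) echo "$ip"; exit 0 ;;
        esac
        host=$(ah_next_host "$host")
        tries=$(( tries + 1 ))
    done
    echo "ah: no free address left in $AH_PREFIX.0.0/16" >&2
    exit 1
)
```

Because a colliding name is moved to the next free slot, the mapping is only stable if the list of addresses already in use is recorded somewhere and passed in on each allocation.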

TODO: ipv6

TODO

Configurable isolation per environment:

  • network isolation off
  • process isolation off (together with --mount-proc)
  • maybe: ipc isolation on (but that kills pulseaudio+x11 anyway)
