No support for UNSHARE_NET

[alexlarsson]

I'm trying to make flatpak/bubblewrap work on WSL, and one missing feature is network namespaces: containers/bubblewrap@6054b54

I realize network namespaces are generally pretty complicated, as you have to also support netlink and whatnot to be able to set up the new namespace. However, flatpak needs only a small part of this, just enough to bring up a loopback interface.

[therealkenc]

For giggles try running WSL elevated. Allegedly there is some CLONE_NEWNET work that has been done but I haven't experimented with it much.

[alexlarsson]

Running elevated kinda defeats the purpose of using namespaces for sandboxing though. If the generic code is there I think it shouldn't be that hard to make it work non-privilegedly for the flatpak usecase (which is essentially "make network stuff seem to work but pretend we're offline").

[therealkenc]

It doesn't, in the context of WSL. You're sandboxed as user alex from a Unix semantics standpoint as you always were (which, mostly, you aren't). Not that I think that running WSL escalated is a good idea. Or that I think it will make UNSHARE_NET light up. Just that it is (maybe barely) worth the giggles to try.

[benhillis]

@therealkenc is right. UNSHARE_NET requires Windows admin (for communicating with Windows virtual network infrastructure).