nsjail process does not have network access

We run our Java software builds on Linux Docker containers, and I modified our integration testing pipeline to wrap the test execution inside nsjail. This looks something like this:

nsjail -Mo --chroot / --user root --group root --disable_rlimit -- /bin/sh -c "our integration test execution goes here"

The reason is to isolate the network for these tests so that they can run in parallel and still bind to potentially the same ports. This works really well and the performance increase is great.

But (of course there is a but) I don't have any outgoing network access in the jailed process. I was under the impression that the jailed process would have some sort of bridged (not sure that's the term) networking, but I appear to be mistaken.

Is there any way to have this sort of networked access for an nsjailed process?


Solution 1:

You might take a look at https://github.com/google/nsjail/blob/master/configs/firefox-with-net.cfg, which contains a configuration that allows Firefox to run inside a jail but with internet access.
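
One way to keep a private network namespace per test job and still get outbound access is nsjail's MACVLAN support. The sketch below is an added example, not code from the original post or from the nsjail project: it extends the command from the question with nsjail's --macvlan_* flags and gives each parallel job its own address. The function names, the interface eth0, the 192.0.2.0/24 range and the gateway are assumptions, and the container is assumed to hold CAP_NET_ADMIN.

```shell
#!/bin/sh
# Added example: networking flags for parallel nsjail test jobs.
# Assumed values (not from the original post): interface, subnet, gateway.
IFACE="${IFACE:-eth0}"             # assumed parent interface in the container
SUBNET="${SUBNET:-192.0.2}"        # assumed /24 prefix (documentation range)
NETMASK="${NETMASK:-255.255.255.0}"
GATEWAY="${GATEWAY:-192.0.2.1}"    # assumed default gateway
BASE_HOST="${BASE_HOST:-100}"      # host octet handed to job 0

# jail_ip JOB_INDEX -> prints the address for that parallel job.
# Every jail needs its own address on the shared segment; fail when the
# index is not a number or the host octet leaves the usable 1..254 range.
jail_ip() {
    case "$1" in
        ''|*[!0-9]*) echo "job index must be a number" >&2; return 1 ;;
    esac
    host=$((BASE_HOST + $1))
    if [ "$host" -lt 1 ] || [ "$host" -gt 254 ]; then
        echo "job $1 does not fit in ${SUBNET}.0/24" >&2
        return 1
    fi
    printf '%s.%s\n' "$SUBNET" "$host"
}

# nsjail_net_args JOB_INDEX -> prints the MACVLAN flags for that job.
nsjail_net_args() {
    ip=$(jail_ip "$1") || return 1
    printf '%s %s %s %s %s %s %s %s\n' \
        --macvlan_iface "$IFACE" --macvlan_vs_ip "$ip" \
        --macvlan_vs_nm "$NETMASK" --macvlan_vs_gw "$GATEWAY"
}

# run_jailed JOB_INDEX COMMAND -> runs COMMAND in the jail from the question
# with the MACVLAN flags added. Requires nsjail and CAP_NET_ADMIN.
run_jailed() {
    args=$(nsjail_net_args "$1") || return 1
    # $args is split on purpose: it holds only flags and dotted addresses.
    # shellcheck disable=SC2086
    nsjail -Mo --chroot / --user root --group root --disable_rlimit \
        $args -- /bin/sh -c "$2"
}
```

Passing -N (--disable_clone_newnet) instead also gives the jail network access, but it shares the container's network namespace, so parallel jobs can no longer bind the same ports.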