nsjail process does not have network access
We run our java software builds on Linux docker containers and I modified our integration testing pipeline to wrap the test execution inside nsjail, this looks something like this:
nsjail -Mo --chroot / --user root --group root --disable_rlimit -- /bin/sh -c "our integration test execution goes here"
The reason is to isolate the network for these tests so that they can run in parallel and still bind to potentially the same ports. This works really well and the performance increase is great.
But (of course there is a but) I don't have any outgoing network access in the jailed process. I was under the impression that the jailed process would have some sort of bridged (not sure that's the term) networking, but I appear to be mistaken.
Is there any way to have this sort of networked access for an nsjailed process?
Solution 1:
You might take a look at https://github.com/google/nsjail/blob/master/configs/firefox-with-net.cfg which contains a configuration that allows firefox to run inside a jail but with internet access.