Network namespace runner

Execute program in an existing network namespace.

Warning: This program needs elevated permissions to do it's job. It also allows to join network namespaces of other processes running as root and maybe escape them again! It's not a tool to make your processes "secure"!

Make sure to understand the implications.

For most cases tools like firejail, nsenter and others may be more capable.

For more information look into the wiki

Why?

The main purpose of this tool is currently to run programs within a different network namespace - for example a VPN only namespace. This allows to contain the network traffic for this program.

Build

make
sudo chown root:nsrun nsrun
sudo chmod 4754 nsrun

Create a group nsrun and add yourself to group nsrun.

Usage

Join a named network namespace:

NAMESPACE=/var/run/netns/mynamespace
./nsrun $NAMESPACE /usr/bin/bash -l

Join a namespace of another process

NAMESPACE=/proc/PID/ns/net
./nsrun $NAMESPACE /usr/bin/bash -l