Skip to content
/ ah Public

Alternative Home directories via Linux Namespaces

License

GPL-3.0 license
0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

nilcons/ah

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
ah
ah
 
 

Repository files navigation

Usecases

Isolating untrusted stuff from Google, Steam, Facebook, etc.

TCP dumping stuff on noisy desktops.

Debugging stuff that "tarbombs" your home directory on first run (e.g. bazel).

Networking

sudo sysctl -w net.ipv4.ip_forward=1
sudo iptables -I FORWARD -j ACCEPT -s 100.110.0.0/16
sudo iptables -t nat -I POSTROUTING -j MASQUERADE -s 100.110.0.0/16

TODO: support multiple concurrent AH environments, by

  • allocating IPs in a 100.110/16 (via hashing based on the name),
  • bridging the veths together in a bridge on the host.

TODO: ipv6

TODO

Configurable isolation per environment:

  • network isolation off
  • process isolation off (together with --mount-proc)
  • maybe: ipc isolation on (but that kills pulseaudio+x11 anyway)

About

Alternative Home directories via Linux Namespaces

Resources

Readme

License

GPL-3.0 license
Activity
Custom properties

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages