luator

Reputation: 5027

Restrict network access from Apptainer/Singularity container

Is it possible with Apptainer/Singularity to restrict which network interfaces can be used from within a container?

In my specific use-case I want to allow access to the internet but block access to some SocketCAN interfaces that are available on the host system. Is this possible?

I saw the --net/--network options, but the documentation on this option is not very detailed, so I'm not sure how to use it (or if it can solve my problem at all).

Upvotes: 0

Views: 534

Answers (1)

luator

Reputation: 5027

I got the answer from the Apptainer Slack channel (thanks to Cedric Clerget!):

In my specific case (allowing normal network access but hiding the SocketCAN interfaces), it is actually enough to add

--dns <IP of DNS server> --net --network=bridge  # or --network=ptp

Specifying the DNS server is needed when using systemd-resolved. In other cases it may work without.

Upvotes: 1
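As an added check (not part of the original answer), the script below verifies that the isolation described above actually hides the host's SocketCAN interfaces: it parses `ip -o link` output for the `link/can` link type, using constructed sample output for host and container, and, when `apptainer` and an image file `image.sif` are present, runs the same check against a live container. The DNS server address and image name are placeholders.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes `ip` exists inside the
# image and that `image.sif` / DNS_SERVER are replaced with real values.
set -eu

# Placeholder DNS server, required with systemd-resolved (see answer above).
DNS_SERVER="192.0.2.53"

# Return 0 if the given `ip -o link` output lists any SocketCAN interface.
# The kernel reports CAN devices with link type "link/can".
lists_can_iface() {
  printf '%s\n' "$1" | grep -q 'link/can'
}

# Constructed sample `ip -o link show` output on a host with a CAN adapter.
HOST_LINKS='1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN\    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP\    link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff
3: can0: <NOARP,UP,LOWER_UP,ECHO> mtu 16 qdisc pfifo_fast state UP qlen 10\    link/can'

# Constructed sample as seen inside a container started with --net
# --network=bridge: only lo and the bridge-side veth, no CAN device.
CONTAINER_LINKS='1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN\    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0@if5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP\    link/ether 0a:58:0a:16:00:02 brd ff:ff:ff:ff:ff:ff'

# Interface list from inside a live container using the options from the answer.
container_links() {
  apptainer exec --dns "$DNS_SERVER" --net --network=bridge "$1" ip -o link show
}

# Only run the live check when the tooling and image are actually present.
if command -v apptainer >/dev/null 2>&1 && [ -f image.sif ]; then
  if lists_can_iface "$(container_links image.sif)"; then
    echo "FAIL: a CAN interface is visible inside the container" >&2
    exit 1
  fi
  echo "OK: no CAN interface visible inside the container"
fi
```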
