add new_net option

2025-08-22 16:05:40 +00:00 · 2024-10-22 07:42:22 +00:00
parent 282fc648de
commit b9071cac40
2 changed files with 10 additions and 3 deletions
--- a/src/bin/izoli.rs
+++ b/src/bin/izoli.rs
@ -29,9 +29,12 @@ fn main() {
                    max: CGroupLimitValue::Max,
                    period: 100000,
                }),
+                ..Default::default()
            }),
+            new_net: true,
        },
    );
+
    let pid = izolibox
        .enter(Box::new(|| {
            IzoliBox::prelude(1).unwrap();
--- a/src/izolibox.rs
+++ b/src/izolibox.rs
@ -20,6 +20,7 @@ pub struct IzoliBox {
 #[derive(Debug, Clone, Default)]
 pub struct IzoliBoxOptions {
    pub cgroup_option: Option<CGroupOption>,
+    pub new_net: bool,
 }

 impl IzoliBox {
@ -30,11 +31,14 @@ impl IzoliBox {
    pub fn enter(&self, callback: CloneCb<'_>) -> Result<Pid, nix::errno::Errno> {
        info!("box enter");
        let mut stack = [0u8; STACK_SIZE];
-        let flags = CloneFlags::CLONE_NEWNS
+        let mut flags = CloneFlags::CLONE_NEWNS
            | CloneFlags::CLONE_NEWUTS
            | CloneFlags::CLONE_NEWIPC
-            | CloneFlags::CLONE_NEWPID
-            | CloneFlags::CLONE_NEWNET;
+            | CloneFlags::CLONE_NEWPID;
+
+        if self.options.new_net {
+            flags = flags | CloneFlags::CLONE_NEWNET;
+        }

        if let Some(cgroup_option) = &self.options.cgroup_option {
            let cgroup = CGroup::new(&format!("izoli/box_{}", self.id)).unwrap();