6285b6c638
This change adds the ability to effectively use the PrivateNetwork functionality systemd provides for services. Now, if enabled, services can be created in a network namespace which isolates them from the rest of the host. Additional options have been added allowing access into the network namespace over ephemeral devices as needed.

Highlights:

* Isolated private networking for services will sandbox using a standalone namespace which has no access to anything via the network.
* Access into a private namespace can be provided over a single network interface which can be IP'd via local DHCP + NAT or using an upstream DHCP server.
* Tests have been added to exercise the new functionality.

All of the functionality has been documented in the defaults of this role.

Change-Id: I6751765131f32393a1605eb2100bec46199d980a
Signed-off-by: Kevin Carter <kevin@cloudnull.com>

main.yml