This change adds the ability to effectively use the PrivateNetwork
functionality systemd provides for services. Now, if enabled, services
can be created in a network namespace which isolates it from the reset
of the host. Additional options have been added allowing access into the
network namespace over ephemeral devices as needed.
Highlights:
* Isolated private networking for services will sandbox using a stand
alone namespace which has no access to anything via the network.
* Access into a private namespace can be provided over a single network
interface which can be IP'd via local DHCP + NAT or using an upstream
DHCP server.
* Tests have been added to exercise the new functionality.
All of the funcality has been documented in the defaults of this role.
Change-Id: I6751765131f32393a1605eb2100bec46199d980a
Signed-off-by: Kevin Carter <kevin@cloudnull.com>
6285b6c638