On Tue, Aug 24, 2021 at 06:41:59PM -0400, Mason Loring Bliss wrote:
> So, whether you set it persistently or not, you start with:
>
> sudo sysctl -w kernel.unprivileged_userns_clone=1
>
> ...and then you can run something that has no configured network:
>
> $ unshare -n ping 4.2.2.1
> unshare: unshare failed: Operation not permitted

Didn't follow up here. One also needs to be mapped to root inside the
namespace:

$ unshare -r -n ping 4.2.2.1
connect: Network is unreachable

Without that, it doesn't do much. =cough=

--
Mason Loring Bliss (( If I have not seen as far as others, it is because
mason@??? )) giants were standing on my shoulders. - Hal Abelson
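
The technique from this message, wrapped as a small shell helper for running a command with no network; this is an added example, not part of the original post. The function names (userns_state, nonet, routes_inside) and the 125 exit code are hypothetical choices, and it assumes util-linux unshare and a kernel where the sysctl from the quoted text is a distribution patch that may be absent.

```shell
#!/bin/sh
# Added example: run a command in a fresh user + network namespace.

# userns_state: report the sysctl mentioned in the quoted message.
# Prints enabled, disabled, or unknown (the sysctl does not exist on
# kernels without the distribution patch that adds it).
userns_state() {
    f=/proc/sys/kernel/unprivileged_userns_clone
    if [ -r "$f" ]; then
        if [ "$(cat "$f")" = "1" ]; then echo enabled; else echo disabled; fi
    else
        echo unknown
    fi
}

# nonet CMD...: run CMD mapped to root (-r) inside a new, unconfigured
# network namespace (-n). Returns CMD's exit status, or 125 when the
# namespaces cannot be created (for example, user namespaces are disabled).
nonet() {
    if ! unshare -r -n true 2>/dev/null; then
        echo "nonet: cannot unshare user+net namespace" \
             "(unprivileged userns: $(userns_state))" >&2
        return 125
    fi
    unshare -r -n "$@"
}

# routes_inside: count IPv4 routes visible inside the new namespace.
# /proc/net resolves per process, so this reads the new namespace's table.
# An empty table is why ping reports "Network is unreachable".
routes_inside() {
    nonet awk 'NR > 1 { n++ } END { print n + 0 }' /proc/net/route
}

# Usage, typed at a prompt after sourcing this file:
#   nonet some-untrusted-tool --flag
#   routes_inside
```

The mapped root inside the namespace holds capabilities only over that namespace, so the wrapped command gains no privileges on the host.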