Kernel networking interfaces already work pretty well in containers (using network namespaces). You can, e.g., run OpenVPN or some fancier SDN inside a container to tunnel its traffic with the default non-privileged permission set that
If you are running an old kernel from before WireGuard was merged into the mainline kernel, or want the extra safety of a WireGuard implementation in a memory-safe language, this can be useful.