Hacker News
by ndriscoll 623 days ago
Assuming this is true, one way you could mitigate is to place it into a network namespace where the only available interface is the one you want your program to use. e.g. https://www.wireguard.com/netns/#ordinary-containerization

Note that this can still leak traffic like DNS requests via domain sockets that connect to a handler outside the namespace. The New Namespace Solution on that page should prevent that, I think, if you want to route all traffic through the VPN by default.
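The setup the comment describes, as an added example that is not part of the original comment: a plan that builds a namespace whose only non-loopback link is a WireGuard interface, plus a check that no other interface is present. The namespace name, interface name, address, config path and both function names are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example (not from the comment). All values below are assumed/constructed.
NS="${NS:-vpnonly}"                          # hypothetical namespace name
WG_IF="${WG_IF:-wg0}"                        # hypothetical interface name
WG_ADDR="${WG_ADDR:-10.0.0.2/32}"            # constructed tunnel address
WG_CONF="${WG_CONF:-/etc/wireguard/wg0.conf}"  # assumed config path

# Print the setup commands in order. The interface is created in the init
# namespace and then moved, so its encrypted UDP socket stays outside while
# the program inside sees only the tunnel.
netns_plan() {
    cat <<EOF
ip netns add $NS
ip link add $WG_IF type wireguard
ip link set $WG_IF netns $NS
ip netns exec $NS wg setconf $WG_IF $WG_CONF
ip -n $NS addr add $WG_ADDR dev $WG_IF
ip -n $NS link set lo up
ip -n $NS link set $WG_IF up
ip -n $NS route add default dev $WG_IF
EOF
}

# Read `ip -o link` output on stdin. Succeeds only if every interface is
# either lo or the WireGuard link; prints any other interface it finds.
only_expected_links() {
    awk -F': ' -v wg="$WG_IF" '
        {
            split($2, name, "@")             # strip "@ifN" peer suffix (veth)
            if (name[1] != "lo" && name[1] != wg) {
                print "unexpected interface: " name[1]
                bad = 1
            }
        }
        END { exit bad }'
}

# Typical use, as root:
#   netns_plan | sh
#   ip netns exec "$NS" ip -o link | only_expected_links
#   ip netns exec "$NS" sudo -u someuser someprogram
```

`ip netns exec` bind-mounts files from `/etc/netns/<name>/` over their `/etc` counterparts, so a `resolv.conf` placed there points the program at a resolver reachable through the tunnel. It does not stop lookups that go through a Unix domain socket to a resolver daemon running outside the namespace, which is the leak the comment mentions.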