nsproxy, network-namespace with SOCKS5 proxy
- You can run dockerd within a container, with everything proxied by a SOCK5 proxy
- The sandbox may defend against casual attackers, or otherwise unnecessary state-contamination of softwares
- The codebase is a singleton in full Rust. You are expected to modify the code.
- Native alacritty integration at full speed
- It's shipped with a GUI written with EGUI, meant to daily-drive desktop with paranoia-level of network control
- You can control the degree of isolation. In the least isolated case, only network namespace is unshared, such that no softwares break.