If I decided to create a new container with either toolbx or distrobox and installed OpenVPN, and the VPN profile/setup routes all the network traffic through the VPN: would the network traffic created by the host machine be captured by the OpenVPN installed and executed from a toolbx/distrobox container?
You cannot run privileged applications (such as OpenVPN) from an unprivileged toolbox/distrobox container, as it needs to create network devices, etc., and that’s restricted to privileged processes. You need a privileged container.
OpenVPN is included in Atomic Desktops so you don’t even need a container for that.
I understood the original question to be about the network topology of containers. Maybe coming from a VM mindset, one could think of containers having their own virtual network device and wonder about routing of network traffic. The answer seems to be that there’s no such thing and an (unprivileged) container sees the same traffic as any unprivileged app on the host, at least by default for toolbox+distrobox, and that any restrictions would have to be applied on the host side. Next question: Where and how
I guess you would distrobox create --unshare-netns ... so that the container does not pick up the devices from the init netns. Does the container pick up devices from the container netns automatically? The linked article is docker-focussed.
So moving them to the network namespace (as in the article) named like the container moves them to the container? Nice.
Podman, yes. What I meant is that toolbox/distrobox use a special (podman) container setup which exposes quite a bit from the host to the container. For the use-case discussed here, this may or may not interfere with the “docker/podman from scratch” in the article.
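A way to check the namespace question raised in the thread (whether a toolbx/distrobox container shares the host's network namespace, and therefore sees the host's devices and traffic), as an added example that is not part of the thread or of the toolbox/distrobox projects. It compares the net namespace identifier of the current process, read from /proc/self/ns/net, with one captured on the host, and lists the devices visible through /sys/class/net. The function names are assumptions; it needs a Linux /proc and /sys, and the optional demo needs util-linux's unshare with unprivileged user namespaces enabled.

```shell
#!/bin/sh
# Added example (not from the thread). Checks whether this shell shares the host's
# network namespace, which is what a toolbx/distrobox container started the default
# way (--network host) does. Assumes a Linux /proc and /sys; the optional demo needs
# unshare(1) from util-linux and unprivileged user namespaces.

# netns_id [pid]: print the net namespace identifier of a process (default: this
# shell), e.g. "net:[4026531840]". Empty output means it could not be read, which
# happens for other users' processes without ptrace permission.
netns_id() {
    readlink "/proc/${1:-self}/ns/net" 2>/dev/null
}

# list_devices: network devices visible through the current sysfs mount, one per
# line. Works without iproute2 and without privileges. Note that sysfs is tagged
# with the netns of whoever mounted it, so a freshly unshared netns still shows the
# old list until sysfs is remounted (which podman/ip-netns do for you).
list_devices() {
    for d in /sys/class/net/*; do
        [ -e "$d" ] && basename "$d"
    done
}

# shares_netns <host_id>: compare this shell's netns with an identifier captured on
# the host with `readlink /proc/self/ns/net`. Prints same|different|unknown.
shares_netns() {
    mine=$(netns_id)
    if [ -z "$mine" ] || [ -z "$1" ]; then echo unknown; return 2; fi
    if [ "$mine" = "$1" ]; then echo same; return 0; fi
    echo different; return 1
}

# netns_demo: if unprivileged user namespaces work here, show that a process in a
# new netns (what --unshare-netns gives the container) gets a different identifier.
# Prints "different" on success, "skipped" if unshare -rn is unavailable.
netns_demo() {
    if ! unshare -rn true 2>/dev/null; then echo skipped; return 0; fi
    inner=$(unshare -rn readlink /proc/self/ns/net)
    if [ "$inner" != "$(netns_id)" ]; then echo different; else echo same; fi
}

# Usage inside the container: sh netns_check.sh 'net:[...]' with the id from the host.
if [ -n "${1-}" ]; then
    echo "this shell: $(netns_id)"
    echo "host:       $1"
    echo "netns:      $(shares_netns "$1")"
    echo "devices visible here:"; list_devices
fi
```

Run `readlink /proc/self/ns/net` on the host first, then pass that string to the script from inside the container: "same" means OpenVPN inside the container would be manipulating the host's own devices and routes (if it were allowed to), while "different" means the container got its own netns and the host's traffic never passes through it.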