diff options
| -rw-r--r-- | content/docs/user_guide/networking.md | 22 |
1 files changed, 22 insertions, 0 deletions
diff --git a/content/docs/user_guide/networking.md b/content/docs/user_guide/networking.md index 09d4b9789..83e75aaf2 100644 --- a/content/docs/user_guide/networking.md +++ b/content/docs/user_guide/networking.md @@ -33,4 +33,26 @@ Add the following `runtimeArgs` to your Docker configuration } ``` +## Disabling external networking + +To completely isolate the host and network from the sandbox, external +networking can be disabled. The sandbox will still contain a loopback provided +by netstack. + +Add the following `runtimeArgs` to your Docker configuration +(`/etc/docker/daemon.json`) and restart the Docker daemon: + +```json +{ + "runtimes": { + "runsc": { + "path": "/usr/local/bin/runsc", + "runtimeArgs": [ + "--network=none" + ] + } + } +} +``` + [netstack]: https://github.com/google/netstack |