As part of the migration to libcontainers, we need to account for the creation / deletion of tap devices and tc filters during the process of the monitor execution environment creation. These operations need to be performed inside the network namespace but before pivoting to the new rootfs in order to have access to /dev/net/tun and CAP_NET_ADMIN capabilities. The only way to do that is to perform it as a hook.
For this reason, we need to make the networking part accessible through cli options of urunc.
As part of the migration to libcontainers, we need to account for the creation / deletion of tap devices and tc filters during the process of the monitor execution environment creation. These operations need to be performed inside the network namespace but before pivoting to the new rootfs in order to have access to
/dev/net/tunandCAP_NET_ADMINcapabilities. The only way to do that is to perform it as a hook.For this reason, we need to make the networking part accessible through cli options of urunc.