TUN devices

NS8 can manage TUN devices and pass them to rootless containers.


Each node is responsible for its own TUN devices. The node is configured through a simple tunadm API. A module must be authorized to use it by adding node:tunadm to the module image label org.nethserver.authorizations. For instance, set


Note that the tunadm authorization also includes the fwadm one.
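Because granting tunadm also grants fwadm, it helps to review which module images request it before they are installed. The following is an added example, not code from NS8: it audits image label dictionaries for node:tunadm grants and expands the implied role. The label value format (whitespace-separated "target:role[,role...]" tokens), the function names and the sample image names are assumptions made for this example.

```python
# Added example, not NS8 code: audit image labels for node:tunadm grants.
AUTH_LABEL = "org.nethserver.authorizations"
# From the page: the tunadm authorization also includes fwadm.
IMPLIED = {"tunadm": {"fwadm"}}

def parse_authorizations(value):
    """Parse a label value into {target: {roles}}; malformed tokens raise.
    Assumed format: whitespace-separated "target:role[,role...]" tokens."""
    grants = {}
    for token in value.split():
        target, sep, roles = token.partition(":")
        names = roles.split(",")
        if not sep or not target or not all(names):
            raise ValueError(f"malformed authorization token: {token!r}")
        grants.setdefault(target, set()).update(names)
    return grants

def effective_node_roles(labels):
    """Roles granted on the node, with implied roles expanded."""
    roles = parse_authorizations(labels.get(AUTH_LABEL, "")).get("node", set())
    for role in list(roles):
        roles |= IMPLIED.get(role, set())
    return roles

def audit(images):
    """Return (image, status, detail) for tunadm grants and invalid labels."""
    findings = []
    for name, labels in sorted(images.items()):
        try:
            roles = effective_node_roles(labels)
        except ValueError as exc:
            findings.append((name, "invalid", str(exc)))
            continue
        if "tunadm" in roles:
            findings.append((name, "tunadm", ",".join(sorted(roles))))
    return findings

# Constructed sample: image names and labels are made up for illustration.
SAMPLE_IMAGES = {
    "example.test/vpn:1.0": {AUTH_LABEL: "node:tunadm"},
    "example.test/web:1.0": {AUTH_LABEL: "node:fwadm"},
    "example.test/plain:1.0": {},
    "example.test/broken:1.0": {AUTH_LABEL: "node-tunadm"},
}

if __name__ == "__main__":
    for finding in audit(SAMPLE_IMAGES):
        print(*finding, sep="\t")
```

The labels dictionary can be taken from the output of an image inspection command; an image with an unparsable label is reported rather than skipped, so a typo cannot hide a grant.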

The module actions must then use the agent Python package to add or remove the TUN device the module needs.

In create-module:

import os
import agent
agent.assert_exp(agent.add_tun("tun1", ""))

In destroy-module:

import os
import agent