Jamid and Account.localInterface

Hi,
I’m using jamid via d-bus.
I want to restrict jamid (running a single account) to use a single network interface on a multi-homed Linux box.
So I use configurationmanager.setAccountDetails with

details['Account.localInterface'] = 'eth1' # instead of 'default'

But I still see (netstat -pantu) jamid to be connected to some IP available only via ‘eth0’…
What is wrong?

I suspect it isn’t implemented. But in general, a firewall can use uid/gid and interface to match traffic; just write a rule to drop unwanted traffic?

I could try to add at boot time

iptables -A OUTPUT -m owner --cmd-owner jamid --out-interface eth0 --jump REJECT

but according to the iptables manual: "NOTE: pid, sid and command matching are broken on SMP", and I guess all modern Linux kernels are now SMP-enabled… :thinking:

If I do it with --uid-owner then other apps will be blocked…

Is cgroup matching broken on SMP? If not, you can use privileges to change cgroup, then drop privileges and start jamid.
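
The cgroup approach from the last reply, sketched as an added example that is not part of the original thread or the Jami project: a root launcher creates a cgroup, adds rules matching it with the iptables `cgroup` match, joins the cgroup, then drops privileges and starts the daemon. The cgroup name `jami-net`, the user `jami` and the `/path/to/jamid` placeholder are assumptions, as are a cgroup v2 mount at `/sys/fs/cgroup` and an iptables build with `-m cgroup --path` support.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed names: cgroup "jami-net",
# user "jami", placeholder binary path. Needs root, cgroup v2 and xt_cgroup.
CG="jami-net"            # hypothetical cgroup, relative to the cgroup v2 root
ALLOW_IF="eth1"          # the only non-loopback interface jamid may use
RUN_AS="jami"            # hypothetical unprivileged user
JAMID="/path/to/jamid"   # placeholder: set to the real binary path
CG_ROOT="/sys/fs/cgroup"

# Print the rules instead of applying them, so they can be reviewed first.
# Rules match sockets by cgroup, so other processes of the same uid are untouched.
gen_rules() {
    cg="$1"; allow="$2"
    # The output is meant to be piped to a shell: accept only plain
    # cgroup paths and interface names, refuse everything else.
    case "$cg" in ''|*[!A-Za-z0-9_./-]*) return 1 ;; esac
    case "$allow" in ''|*[!A-Za-z0-9_.-]*) return 1 ;; esac
    for ipt in iptables ip6tables; do
        # Keep loopback usable, then reject any other egress interface.
        echo "$ipt -A OUTPUT -m cgroup --path $cg -o lo -j ACCEPT"
        echo "$ipt -A OUTPUT -m cgroup --path $cg ! -o $allow -j REJECT"
    done
}

if [ "${1:-}" = "apply" ]; then
    set -e
    # The cgroup must exist before a rule can refer to its path.
    mkdir -p "$CG_ROOT/$CG"
    gen_rules "$CG" "$ALLOW_IF" | sh -e
    # Move this shell into the cgroup; processes it starts inherit membership.
    echo $$ > "$CG_ROOT/$CG/cgroup.procs"
    # Drop privileges and replace the shell with the daemon.
    exec runuser -u "$RUN_AS" -- "$JAMID"
fi
```

Run it as root with the argument `apply`; without it the script only defines `gen_rules`. The rules block packets that routing has already assigned to another interface; they do not redirect that traffic to `eth1`.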