PrivateNetwork assigns a new anonymous private namespaced network for the process: a variant of that functionality might create or join existing namespaced networks by name, instead of creating a standalone private network. This would be extremely useful for securely connecting two daemons which need to share with each other. Perhaps, as with systemd.socket files, a joint object, for example a systemd.network, might be in order?
Interesting idea. That could actually work... I am pretty sure we shouldn't make this a first class object (too exotic...), but maybe we can find another simpler solution?
Another use case could be to be able to restrict the network stack, making it have its own firewall. We run dspam on a server, and using PrivateNetwork=yes broke it. But it only needs to connect to 1 single service on a tcp/port, so that would be quite handy to disable everything but this ip/port/protocol, and make sure that firewall rules cannot be changed anymore.
This is implemented in 209 with JoinNamespaceOf=.
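How the JoinNamespaceOf= setting named in the last comment is used, as an added example that is not part of the original thread: two services share one private network namespace, so they can reach each other over loopback while neither sees the host's interfaces. The unit names `producer.service` and `consumer.service` and the binary paths are hypothetical.

```ini
# --- /etc/systemd/system/producer.service (hypothetical unit) ---
[Unit]
Description=First daemon in the shared private network namespace

[Service]
# Hypothetical binary path.
ExecStart=/usr/local/bin/producer
# Gives the service a network namespace containing only a loopback device.
PrivateNetwork=yes


# --- /etc/systemd/system/consumer.service (hypothetical unit) ---
[Unit]
Description=Second daemon, joining the namespace of producer.service
# JoinNamespaceOf= belongs in [Unit], not [Service].
JoinNamespaceOf=producer.service

[Service]
# Hypothetical binary path.
ExecStart=/usr/local/bin/consumer
# Must be enabled on both units; without it there is no private
# namespace to share and JoinNamespaceOf= has no effect for networking.
PrivateNetwork=yes
```

Once both units are running, their main PIDs should report the same link target for `/proc/<PID>/ns/net`.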