v0.1.0-alpha5

This version adds support for application-based split tunneling.

With the following configuration in a profile, egress traffic is routed through the desired device.

{
    "network": {
        "outbound_interface": "<device name>"
   }
}

This feature requires root or CAP_NET_ADMIN permissions.

How it works under the hood:

1. The routing table is searched for routes through the target device.
2. Matching routes are copied to a secondary routing table.
3. Packets originating from pallium's interface are marked using fwmark.
4. Policy-based routing is set up for packets matching the mark to use the secondary routing table.

v0.1.0-alpha4

• Improvement of gVisor support for sandboxes run as root

• Introduction of build provenance attestations

• Support for port forwarding from host to guest

  {
    "network": {
      "port_forwarding": {
        "local": ["tcp://127.0.0.1:1337:127.0.0.1:1337"]
      }
    }
  }
  

v0.1.0-alpha3

This build fixes a bug when piping a configuration file on stdin into pallium.

v0.1.0-alpha2

This build supports using the bundled gVisor kernel and fixes a terminal issue when using the exec command.

Very first alpha build of the pallium bundle

This is a first prerelease of a standalone pallium bundle built with PyInstaller.

It bundles:

• gVisor
• slirpnetstack
• Tor
• Python
• tun2socks