Let’s say I want to enforce certain settings, such as the use of a proxy in network settings for certain users.
Isn’t this easily bypassable by for example by installing TOR browser or using a VPN app in the user space?
How does system mangers can be sure users will only use the system as planned by the sysadmin? I’m especially interested in network settings, but in general I would be interested to know more about this/be pointed towards the right direction.
Thank you!
You could spawn their processes in a isolated network namespace, connected to a proxy via tun interface. You can then setup firewall rules on that interface to block all traffic, except the proxy an maybe your own dns - that should all be out of the users „reach“.