v4.7.2 pre-release is out:
https://github.com/ravindu644/Droidspaces-OSS/releases/tag/v4.7.2-pre-release
It passed my “surface-level tests” 🗿
I know some guy with a wonky setup will still report bugs.
But in this release, the metadata is immutable - even if it gets nuked by Android, by you, or by some race condition I haven’t found lurking in the backend - no worries..!
The metadata will auto-heal within 3 ms, and you won’t even notice a thing.
TL;DR: This release hardens security more:
1. Metadata will never get corrupted or nuked.
2. No ghost containers allowed - even if the metadata is nuked or N/A, we scan the entire /proc within 3 milliseconds to catch any “lost” containers.
3. Nothing will be lost - nothing can escape.
@Droidspaces
❤1
v4.7.3 is released with a critical bug fix!
https://github.com/ravindu644/Droidspaces-OSS/releases/tag/v4.7.3
I worked 4 days straight figuring out why PID files were getting nuked when "Run at Boot" was enabled. I even hardened the security, preventing users from running 2 containers with the same name, and ensured all metadata could be recovered even if /data ceased to exist, etc. (This added more complexity to the project - but ultimately helped in a good way, lol).
Only to realize…
The issue wasn’t in the backend at all.
It was in the app.
We had 2 different "Run at Boot" implementations: one in the app and one in the Magisk module.
Both did the same thing. The Magisk module "Run at Boot" feature was a later addition to the app, and I forgot to remove the old implementation.
This caused the bug, and it went unnoticed for 4 months!
Which is insane...
@Droidspaces
❤3😁1
Droidspaces-v4.7.3-net-isolation-test.apk
12.6 MB
APK for testing..
if any issues, drop the log file from /data/local/Droidspaces/Logs/<name>/log
❤3👎1
Fix network isolation in modern systemd on Droidspaces
( Android Only )
01. Enter the container's root shell and delete these files:
rm -f /etc/systemd/network/10-wifi.network
rm -f /etc/systemd/network/20-mobile.network
rm -f /etc/systemd/network/30-other.network
02. Create an override systemd-networkd config to keep our static IPv4 address:
mkdir -p /etc/systemd/network
cat > /etc/systemd/network/99-unmanaged.network << 'EOF'
[Match]
Name=*
[Link]
Unmanaged=yes
EOF
03. Mask the useless systemd-networkd-wait-online service:
ln -sf /dev/null /etc/systemd/system/systemd-networkd-wait-online.service
Done !
@Droidspaces
🗿1
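A check for the three steps in the post above, as an added example that is not part of the original post or the Droidspaces code. The function name and the ROOT argument are assumptions: pass "/" inside the container, or the rootfs path when auditing from the host.

```shell
#!/bin/sh
# check_networkd_fix ROOT
# Prints one line per finding; returns 0 only when all three steps are in place.

check_networkd_fix() {
    root="${1%/}"
    netdir="$root/etc/systemd/network"
    unit="$root/etc/systemd/system/systemd-networkd-wait-online.service"
    override="$netdir/99-unmanaged.network"
    rc=0

    # Step 01: the three per-interface configs must be gone.
    for f in 10-wifi.network 20-mobile.network 30-other.network; do
        if [ -e "$netdir/$f" ] || [ -L "$netdir/$f" ]; then
            echo "FAIL: $netdir/$f still present"; rc=1
        fi
    done

    # Step 02: the override must match every interface and mark it unmanaged.
    # The current [Section] is tracked so a key under the wrong one does not count.
    if [ -f "$override" ]; then
        if awk '
            /^[ \t]*\[/ { gsub(/[ \t\r]/, ""); sec = $0; next }
            { line = $0; gsub(/[ \t\r]/, "", line) }
            sec == "[Match]" && line == "Name=*"        { m = 1 }
            sec == "[Link]"  && line == "Unmanaged=yes" { u = 1 }
            END { exit !(m && u) }' "$override"
        then echo "OK: $override unmanages all interfaces"
        else echo "FAIL: $override lacks [Match] Name=* or [Link] Unmanaged=yes"; rc=1
        fi
    else
        echo "FAIL: $override missing"; rc=1
    fi

    # Step 03: a masked unit is a symlink whose target is exactly /dev/null.
    if [ -L "$unit" ] && [ "$(readlink "$unit")" = "/dev/null" ]; then
        echo "OK: systemd-networkd-wait-online.service is masked"
    else
        echo "FAIL: systemd-networkd-wait-online.service is not masked"; rc=1
    fi
    return "$rc"
}
```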
Droidspaces v5.0.0-pre-release !
🪵 What's new?
https://github.com/ravindu644/Droidspaces-OSS/releases/tag/v5.0.0-pre-release
[ App ]
- app: implemented NAT/HOST/NONE Network modes to the container configuration menu
- add network isolation configuration requirements to the Droidspaces kernel configurations
[ Backend ]
- net: implement full network isolation with NAT, bridgeless fallback, and Android routing
- fix: Configure systemd-networkd to unmanage all network interfaces, preventing DHCP conflicts with Droidspaces' static IP setup
- mask systemd-networkd-wait-online.service and make udevadm trigger non-critical in udev-trigger.service
- fix: Apply interactive terminal check for foreground mode only to interactive commands like start, restart, or enter
- Add --reset command-line option to clear container configuration while preserving name and rootfs paths
- Implement a centralized logging engine with internal functions, container-specific file logging, and refactored logging macros
- Cache cgroup mount points, optimize mountinfo parsing, ensure correct PTY allocation in new PID namespaces, and prevent terminal I/O blocking
- Add check_ns function to verify network namespace support and integrate it into network mode validation
- Add live kernel probes for bridge and veth support to check NAT networking capability
Notes:
- For existing modern systemd containers like Ubuntu 25.04, Fedora, and Arch, you must apply this fix to make NAT mode work - new containers will be automatically fixed upon installation in the app.
- Kernel configurations required for NAT mode have been updated. Please get the new configurations from the app.
@Droidspaces
🗿3
Demonstration of our isolated networking: it works perfectly even when switching between 3 different networks 🗿
M21 -> Mobile Data -> M14
It doesn’t even feel it.. 🗣
🗿2
Droidspaces v5.1.0-pre-release is here..!
https://github.com/ravindu644/Droidspaces-OSS/releases/tag/v5.1.0-pre-release
What's new..?
[ Backend ]
net: replace static RTNETLINK IP assignment with embedded DHCP server
THIS MUST FIX ALL OF THE NETWORKING ISSUES IN THE NAT MODE - NO FILE EDITS NEEDED.
If you did this thing before, please revert it.
@Droidspaces
❤2🔥1
Networking is unkillable now 🗿
100% uptime.
Even if you enable or disable Wi-Fi, data, or hotspot thousands of times,
no worries!
The Droidspaces daemon will perfectly handle everything in the background 🗿
🗿4❤1
This is how Port Forwarding Works in NAT Mode
When a container runs in NAT mode, its network is completely isolated with a private IP (like 172.28.33.133) that only the phone knows about. Other devices on your local network - and even your router - have no idea this private network exists, so trying to SSH directly into the container's IP from another device will simply fail.
Port forwarding solves this by creating a mapping between a port on the phone's own IP (which IS visible to your local network) and a port inside the container.
For example, mapping phone port 22 → container port 22 means:
Another Device ──► Router ──► Phone (your real IP) ──► Container (172.28.x.x)
When someone on your network SSHes into <phone-ip>:22, the phone intercepts that connection and transparently forwards it into the container - as if the container were directly reachable.
The container itself never needs a public IP. The phone acts as the gateway.
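The mapping described above, written as generic Linux netfilter rules in an added example; this is not taken from the Droidspaces source, and how Droidspaces installs its own forwards is not shown on this page. The function names and the optional source-CIDR argument are assumptions; the filter narrows who can reach the forwarded port, since a forward otherwise exposes the container service to everything that can reach the phone.

```shell
#!/bin/sh
# portfwd_rules CONTAINER_IP PHONE_PORT CONTAINER_PORT [ALLOWED_SRC_CIDR]
# Prints the iptables commands for the mapping (dry run); returns 1 on bad input.

valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Accept only a dotted quad inside 172.28.x.x, the range shown in the post.
valid_container_ip() {
    case "$1" in ''|*[!0-9.]*|*..*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] && [ "$1" = 172 ] && [ "$2" = 28 ] &&
        [ "${#3}" -le 3 ] && [ "${#4}" -le 3 ] &&
        [ "$3" -le 255 ] && [ "$4" -le 255 ]
}

portfwd_rules() {
    cip=$1 hport=$2 cport=$3 src=${4:-}
    valid_container_ip "$cip" || { echo "bad container IP: $cip" >&2; return 1; }
    valid_port "$hport" && valid_port "$cport" || { echo "bad port" >&2; return 1; }
    match=""
    if [ -n "$src" ]; then
        # Optional source filter: only this CIDR may use the forwarded port.
        case "$src" in *[!0-9./]*) echo "bad source CIDR" >&2; return 1 ;; esac
        match="-s $src "
    fi
    # 1. Rewrite the destination of packets arriving on the phone's port.
    echo "iptables -t nat -A PREROUTING ${match}-p tcp --dport $hport -j DNAT --to-destination $cip:$cport"
    # 2. Let the rewritten packets cross from the uplink into the container network.
    echo "iptables -A FORWARD ${match}-d $cip -p tcp --dport $cport -j ACCEPT"
}

# Constructed sample: phone port 22 -> container 172.28.33.133:22, LAN only.
# portfwd_rules 172.28.33.133 22 22 192.168.1.0/24
```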
Droidspaces v5.3.0-pre-release
https://github.com/ravindu644/Droidspaces-OSS/releases/tag/v5.3.0-pre-release
This will be the last release from the network-isolation branch. Once you guys test everything and confirm it’s working, I’m going to merge network isolation into the main branch and take a break from development for a while 😇
What's in this release:
- Universal, fully working network isolation, with a DHCP server for assigning IPs AND a daemon that watches network changes in real time to ensure 99.999% uptime. Works on both Android and Linux - tested on kernels 4.14 to 6.19 🗿
- Cgroups won't be isolated on kernels lower than 5.2. This makes it possible to run Ubuntu 24.04 and other semi-modern distros on older kernels with 100% compatibility. I'm literally running Ubuntu 24.04 with 100% systemd health on my old 4.14.113 kernel.
- Fixed CTRL+ALT+Q tends to reboot in foreground mode.
- More misc. improvements that I can't remember.
Notes: The upstream interface is the interface that has internet access, such as wlan0 or rmnet0. The app can auto-detect upstream networks - all you need to do is:
Connect to Wi-Fi → Select the interface that appears → Disable Wi-Fi and connect to mobile data → Press the refresh button in that menu → Select the interface(s) that appear.
🔥1🗿1
New release with new fixes:
https://github.com/ravindu644/Droidspaces-OSS/releases/tag/v5.3.1-pre-release
GitHub
Release Droidspaces v5.3.1-pre-release · ravindu644/Droidspaces-OSS
What's Changed
docs: Add a new row to the comparison table detailing network isolation capabilities. (23f7083)
docs: Add troubleshooting for NAT mode internet access with IPv6-only upstream. (...