Chrome OS will forward ports from localhost
into Crostini. This allows developers to use Chrome to access their development environment inside Crostini.
cicerone will ask chunnel to tunnel all ports listening in the Crostini container, except:
CAP_NET_BIND_SERVICE
.Moreover, tunneled ports are locked down to reject traffic from non-chronos
UIDs.