When running a container, usually a virtual ethernet device is created. To do so, root privileges are required. How is it then managed in rootless containers?
Answer
Networking is usually managed by Slirp in rootless containers. Slirp creates a tap device, which is also the default route, in the network namespace of the container. This device's file descriptor is passed to the parent, which runs it in the default namespace, and the default namespace is connected to the internet. This enables communication externally and internally.