
Re: network access during package build



On Tue, 2 Sep 2014, Adam Borowski wrote:

> > (I’m aware that there is still *too* much “disable the network” in
> > pbuilder. Sorry for not having had the time to work on that. I’ll
> > try to do so shortly.)
>
> Could you tell us what's this "too much"?

#753944

> Here's how I would do it:
> unshare --net
> iptables rule on !127.0.0.0/8 and !::1 -j REJECT, if after the build the
> rule's counter is non-zero we fail the build

Unsharing the network is already too much. I believe I just need
to start the loopback interface in the chroot, to fix most of
these, and maybe do something about /etc/hosts; see also Message
#91 there. There is no iptables inside the chroot either; besides,
that’s just overkill (and the modules may not be loaded, etc.).

bye,
//mirabilos
-- 
[16:04:33] bkix: "veni vidi violini"
[16:04:45] bkix: "ich kam, sah und vergeigte"...

