x32 builder has network access
Jan Palus
atler at pld-linux.org
Wed Jan 18 09:56:14 CET 2023
On 18.01.2023 07:54, Arkadiusz Miśkiewicz via pld-devel-en wrote:
> On 17.01.2023 12:23, Jan Palus wrote:
> > Noticed during build of kodi-addon-inputstream-adaptive that contrary to
> > x86_64 and i686, x32 builder downloaded external sources successfully:
>
> bind was installed there, and it seems that even if there is no access to
> /etc/resolv.conf, glibc falls back to querying 127.0.0.1:53
>
> Uninstalled.
>
> The best would be to change the UID of the "builder" user used inside the
> chroot and drop all outgoing packets coming from it at the iptables level.

Or perhaps modify pld-builder to run each rpmbuild invocation in a new
network namespace via `unshare -n -c`. That would effectively cut off the
whole network for the process.
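
The network-namespace idea from the reply above, as an added example that is not part of the original message or of pld-builder: a shell wrapper around `unshare -n -c`, plus a check that a fresh namespace has no IPv4 routes and no socket bound to port 53, so a resolver on the host's 127.0.0.1:53 is out of reach. The function names and the spec file name are assumptions.

```shell
#!/bin/sh
# Added example (not pld-builder code): run a build step with no network.

# Run "$@" in a new network namespace (-n), mapping the current user (-c)
# so root is not needed. Returns the command's status, or 125 when the
# namespace cannot be created (unshare missing, user namespaces disabled).
run_offline() {
    unshare -n -c true 2>/dev/null || return 125
    unshare -n -c "$@"
}

# Count IPv4 routes seen inside a fresh namespace (line 1 is the header).
offline_route_count() {
    run_offline awk 'NR > 1 { n++ } END { print n + 0 }' /proc/net/route
}

# Count UDP/TCP sockets bound to port 53 (hex 0035) inside a fresh namespace.
# A resolver listening on the host's 127.0.0.1:53 does not appear here,
# because the namespace gets its own loopback interface.
offline_dns_listeners() {
    run_offline awk 'FNR > 1 && $2 ~ /:0035$/ { n++ } END { print n + 0 }' \
        /proc/net/udp /proc/net/tcp
}

# Succeed only if the namespace has no routes and no local DNS listener.
netns_is_isolated() {
    routes=$(offline_route_count) || return $?
    dns=$(offline_dns_listeners) || return $?
    [ "$routes" -eq 0 ] && [ "$dns" -eq 0 ]
}

# Usage (hypothetical spec file name):
#   netns_is_isolated && run_offline rpmbuild -bb example.spec
```

Status 125 keeps "could not isolate" distinct from a failed build, so a builder can refuse to run rather than silently build with network access.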