no-network build policy rules
Arkadiusz Miśkiewicz
arekm at maven.pl
Sun Oct 26 16:33:21 CET 2025
On 26/10/2025 16:16, Jakub Bogusz wrote:
> I found that there are different meanings of "no network usage":
> 1) builders cannot use external resources/hosts, which is enforced by
> non-functional resolv.conf
> 2) but `unshare --net` introduced recently in builder script does even
> more: it disables the use of localhost connections (binding/connecting
> to lo interface/127.0.0.1/8 addresses)
>
> Many more test suites rely on loopback connections working than using
> external resources, so there are many (esp. python or perl modules,
> openssl, openssh, git etc.) packages which can be built fine on builders,
> but not with builder script (without --bnet).
>
> How should be packages (and their default tests options) prepared, to
> compy with 1) or 2)?
Best would be 2 but with configured loopback. Unfortunately that doesn't
seem to be possible via unshare for a unprivileged user.
--
Arkadiusz Miśkiewicz, arekm / ( maven.pl | pld-linux.org )
More information about the pld-devel-en
mailing list