x32 builder has network access

Arkadiusz Miśkiewicz arekm at maven.pl
Wed Jan 18 13:02:34 CET 2023


On 18.01.2023 09:56, Jan Palus wrote:
> On 18.01.2023 07:54, Arkadiusz Miśkiewicz via pld-devel-en wrote:
>> On 17.01.2023 12:23, Jan Palus wrote:
>>> Noticed during build of kodi-addon-inputstream-adaptive that contrary to
>>> x86_64 and i686, x32 builder downloaded external sources successfully:
>>
>> bind was installed there, and it seems that even if there is no access to
>> /etc/resolv.conf, glibc falls back to querying 127.0.0.1:53
>>
>> Uninstalled.
>>
>> The best would be to change UID of "builder" user used inside of chroot
>> and drop all outgoing packets coming from it at iptables level.
> 
> Or perhaps modify pld-builder to make each rpmbuild invocation in a new
> network namespace via `unshare -n -c`. That would effectively cut whole
> network for the process.

We can try that... committed.

-- 
Arkadiusz Miśkiewicz, arekm / ( maven.pl | pld-linux.org )
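
An added example, not part of the original message and not pld-builder code: one way to confirm that a command wrapped in `unshare -n -c` really sees no network, by comparing `/proc/net/route` inside and outside the namespace. The function names and the sample routing tables are constructed for illustration.

```shell
#!/bin/sh
# Added example, not pld-builder code. Function names are hypothetical.

# Count IPv4 routes in /proc/net/route format (file argument, or stdin).
# A fresh network namespace has only the header line, so the count is 0.
route_count() {
    awk 'NR > 1 && NF >= 8 { n++ } END { print n + 0 }' "${1:--}"
}

# Succeed if a default route (destination and mask both 00000000) exists.
has_default_route() {
    awk 'NR > 1 && $2 == "00000000" && $8 == "00000000" { f = 1 }
         END { exit !f }' "${1:--}"
}

# Run a command as proposed in the thread: new network namespace, with the
# current user mapped so that no root is needed (util-linux unshare).
run_isolated() {
    unshare -n -c -- "$@"
}

# Returns 0 only if the isolated side has no routes at all, 2 if the
# namespace could not be created (so a failed unshare never looks isolated).
check_isolation() {
    outside=$(route_count /proc/net/route)
    table=$(run_isolated cat /proc/net/route) || return 2
    inside=$(printf '%s\n' "$table" | route_count)
    echo "routes outside=$outside inside=$inside"
    [ "$inside" -eq 0 ]
}

# Constructed sample: routing table of a host with working network access.
sample_host_routes() {
    printf 'Iface\tDestination\tGateway\tFlags\tRefCnt\tUse\tMetric\tMask\tMTU\tWindow\tIRTT\n'
    printf 'eth0\t00000000\t0101A8C0\t0003\t0\t0\t100\t00000000\t0\t0\t0\n'
    printf 'eth0\t0001A8C0\t00000000\t0001\t0\t0\t100\t00FFFFFF\t0\t0\t0\n'
}

# Constructed sample: what a process sees right after `unshare -n`.
sample_empty_routes() {
    printf 'Iface\tDestination\tGateway\tFlags\tRefCnt\tUse\tMetric\tMask\tMTU\tWindow\tIRTT\n'
}

# Run the live check only when asked: sh this-file --check
if [ "${1:-}" = "--check" ]; then
    check_isolation
fi
```

The loopback interface in a new network namespace starts down, so a resolver fallback to 127.0.0.1:53 cannot reach a name server running outside the namespace either.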


