On Mon, May 12, 2014 at 12:07 PM, Rick "Zero_Chaos" Farina
<zeroch...@gentoo.org> wrote:
> What about talking to local network resources?  In my metasploit ebuild
> it has tests available which talk to a local database and are perfectly
> safe, however, if postgresql is started on the system the tests don't
> work, the ebuild needs to start its own postgresql to run the tests.
> This seems a bit needless in my package, but likely saves others from
> poorly written tests.  Do we want to allow access to system network
> services or block them? Right now they are blocked, and that's going to
> make the src_test function on my ebuild expand into near insanity to fix.

So, in theory with a separate network namespace I would think that the
ebuild could start postgresql which could listen on any port
regardless of the fact that it is running already, because the port
would not be used within its own namespace.  Anything started within
the namespace that tried to connect to postgresql would end up talking
to the version contained within the namespace.  That could be useful
in a lot of testing scenarios.

However, I don't know if portage actually makes the network namespace
that it creates useful - I don't know if it contains any interfaces,
or if they are initialized/etc.

Rich
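
Added example, not part of the original thread and not Portage code: a probe of the two kernel behaviours discussed above, namely that a port already bound on the host can be bound again inside a new network namespace, and that the loopback interface of a fresh namespace has to be brought up before anything can connect to it. It assumes Linux with unprivileged user namespaces enabled; the function names are hypothetical and the host-side listener is a constructed stand-in for the system postgresql.

```python
import ctypes, fcntl, json, os, socket, struct

CLONE_NEWUSER, CLONE_NEWNET = 0x10000000, 0x40000000   # <linux/sched.h>
SIOCGIFFLAGS, SIOCSIFFLAGS, IFF_UP = 0x8913, 0x8914, 0x1
IFREQ = "16sH22x"                                      # struct ifreq: name, flags, padding

def _inside_namespace(port):
    """Runs in the forked child: unshare, bring lo up, reuse the host's port."""
    libc = ctypes.CDLL(None, use_errno=True)
    if libc.unshare(CLONE_NEWUSER | CLONE_NEWNET) != 0:
        return {"supported": False, "error": os.strerror(ctypes.get_errno())}
    ctl = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    req = struct.pack(IFREQ, b"lo", 0)
    flags = struct.unpack(IFREQ, fcntl.ioctl(ctl, SIOCGIFFLAGS, req))[1]
    # The new namespace has its own "lo"; record its state, then set IFF_UP.
    fcntl.ioctl(ctl, SIOCSIFFLAGS, struct.pack(IFREQ, b"lo", flags | IFF_UP))
    srv = socket.socket()
    srv.bind(("127.0.0.1", port))        # would be EADDRINUSE in the host namespace
    srv.listen(1)
    cli = socket.create_connection(("127.0.0.1", port), timeout=2)
    conn, _ = srv.accept()
    conn.sendall(b"namespace")           # proves which listener answered
    return {"supported": True, "lo_up_initially": bool(flags & IFF_UP),
            "rebound_same_port": True, "reply": cli.recv(16).decode()}

def probe_isolated_port():
    host = socket.socket()               # constructed stand-in for the system service
    host.bind(("127.0.0.1", 0))
    host.listen(1)
    port = host.getsockname()[1]
    rfd, wfd = os.pipe()
    pid = os.fork()
    if pid == 0:                         # child: never returns to the caller
        try:
            result = _inside_namespace(port)
        except OSError as exc:
            result = {"supported": False, "error": str(exc)}
        os.write(wfd, json.dumps(result).encode())
        os._exit(0)
    os.close(wfd)
    with os.fdopen(rfd, "rb") as pipe:
        result = json.loads(pipe.read())
    os.waitpid(pid, 0)
    host.close()
    return result

if __name__ == "__main__":
    print(probe_isolated_port())
```

Where the kernel or a container policy refuses the unshare call, the function returns "supported": False together with the error text instead of raising.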
