On 18.01.2023 16:48, Jakub Bogusz wrote:
> On Wed, Jan 18, 2023 at 01:02:34PM +0100, Arkadiusz Miśkiewicz via pld-devel-en wrote:
> > On 18.01.2023 09:56, Jan Palus wrote:
> > >On 18.01.2023 07:54, Arkadiusz Miśkiewicz via pld-devel-en wrote:
> > >>On 17.01.2023 12:23, Jan Palus wrote:
> > >>>Noticed during build of kodi-addon-inputstream-adaptive that contrary to
> > >>>x86_64 and i686, x32 builder downloaded external sources successfully:
> > >>
> > >>bind was installed there and seems that even if there is no access to
> > >>/etc/resolv.conf glibc falls back to querying 127.0.0.1:53
> > >>
> > >>Uninstalled.
> > >>
> > >>The best would be to change UID of "builder" user used inside of chroot
> > >>and drop all outgoing packets coming from it at iptables level.
> > >
> > >Or perhaps modify pld-builder to make each rpmbuild invocation in a new
> > >network namespace via `unshare -n -c`. That would effectively cut whole
> > >network for the process.
> >
> > We can try that... committed.
>
> i686 and x86_64 say:
> "unshare: unshare failed: Operation not permitted"

Unfortunately it appears it's not possible to create user namespaces in a chroot:

    EPERM (since Linux 3.9)
        CLONE_NEWUSER was specified in flags and the caller is in a chroot
        environment (i.e., the caller's root directory does not match the
        root directory of the mount namespace in which it resides).
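
An added example, not part of the original message or of pld-builder: a C probe that requests the same namespaces as `unshare -n -c` in a forked child and then checks whether 127.0.0.1:53, the resolver fallback mentioned earlier in the thread, is still reachable. The names `classify`, `probe_build_isolation` and the verdict values are made up for this illustration; it fails closed when namespace creation is refused, as happens inside a chroot.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <linux/sched.h>   /* CLONE_NEWUSER, CLONE_NEWNET */
#include <stdio.h>
#include <sys/socket.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

enum verdict { ISOLATED, LEAKY, DENIED, PROBE_ERROR };  /* names made up here */

/* Map the errno of each step (0 = the call succeeded) to a verdict. */
enum verdict classify(int unshare_errno, int connect_errno) {
    if (unshare_errno) return DENIED;   /* e.g. EPERM when called in a chroot */
    return connect_errno ? ISOLATED : LEAKY;
}

/* Child: same namespaces as `unshare -n -c` (uid mapping skipped), then try DNS.
 * The raw syscall avoids depending on _GNU_SOURCE being defined first. */
static enum verdict probe_child(void) {
    if (syscall(SYS_unshare, CLONE_NEWUSER | CLONE_NEWNET) != 0)
        return classify(errno, 0);
    struct sockaddr_in dns = { .sin_family = AF_INET, .sin_port = htons(53) };
    inet_pton(AF_INET, "127.0.0.1", &dns.sin_addr);
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0) return PROBE_ERROR;
    /* A fresh network namespace has lo down, so there is no route to 127.0.0.1. */
    int ce = connect(fd, (struct sockaddr *)&dns, sizeof dns) ? errno : 0;
    close(fd);
    return classify(0, ce);
}

/* Fork first so the caller's own namespaces are never changed. */
enum verdict probe_build_isolation(void) {
    pid_t pid = fork();
    if (pid < 0) return PROBE_ERROR;
    if (pid == 0)
        _exit(probe_child());
    int st;
    if (waitpid(pid, &st, 0) != pid || !WIFEXITED(st))
        return PROBE_ERROR;
    return (enum verdict)WEXITSTATUS(st);
}

int main(void) {
    enum verdict v = probe_build_isolation();
    printf("build network isolation verdict: %d\n", (int)v);
    return v == ISOLATED ? 0 : 1;   /* fail closed: anything else is an error */
}
```

Run as the build user from inside the build chroot, a non-zero exit means the rpmbuild step would not be network-isolated this way.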