[buildd-tools-devel] Bug#802849: schroot: please allow to unshare the network
Johannes Schauer
josch at debian.org
Sat Oct 24 08:02:49 UTC 2015
Package: schroot
Version: 1.6.10-2
Severity: wishlist
Hi,
Debian packages must be buildable without network access. For this
purpose it would be extremely useful if schroot would add an option that
unshares the network namespace before entering the chroot and executing
dpkg-buildpackage.
The unsharing has to be done by schroot itself and cannot be done
earlier because sbuild is usually run as non-root. Non-root users don't
have the privileges to unshare the network namespace, so they would
first have to create a new user namespace as well. But after having done
so, schroot refuses to work because it requires that
/etc/schroot/schroot.conf is owned by the root user (which it is not
anymore for a process that unshared the user namespace).
So could schroot instead get an option like --unshare-net which, while
schroot still has root privileges, makes an unshare(CLONE_NEWNET) and
then runs `ip link set lo up` to activate the loopback interface?
Thanks!
cheers, josch
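
The sequence the report asks for (unshare(CLONE_NEWNET) while still root, then the ioctl equivalent of `ip link set lo up`), sketched as a stand-alone C helper. This is an added example, not schroot code and not part of the original message; the function names and the setuid-root style privilege drop in main() are assumptions.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <net/if.h>
#include <sched.h>
#include <stdio.h>
#include <sys/ioctl.h>
#include <sys/socket.h>
#include <unistd.h>
#ifndef CLONE_NEWNET   /* fallback if feature-test macros were fixed earlier */
#define CLONE_NEWNET 0x40000000
int unshare(int flags);
#endif

/* Query (bring_up=0 -> 1/0) or set (bring_up=1 -> 0) IFF_UP on "lo"; -errno on error. */
static int loopback_flags(int bring_up)
{
    struct ifreq ifr = { .ifr_name = "lo" };   /* remaining fields zeroed */
    int ret, fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0) return -errno;
    if (ioctl(fd, SIOCGIFFLAGS, &ifr) < 0)
        ret = -errno;
    else if (!bring_up)
        ret = (ifr.ifr_flags & IFF_UP) ? 1 : 0;
    else {
        ifr.ifr_flags |= IFF_UP;
        ret = ioctl(fd, SIOCSIFFLAGS, &ifr) < 0 ? -errno : 0;
    }
    close(fd);
    return ret;
}

/* Needs CAP_SYS_ADMIN: call it while the helper still has root privileges. */
int unshare_net_with_loopback(void)
{
    return unshare(CLONE_NEWNET) < 0 ? -errno : loopback_flags(1);
}
int loopback_is_up(void) { return loopback_flags(0); }

int main(int argc, char **argv)
{
    int r = unshare_net_with_loopback();
    if (r < 0) { errno = -r; perror("unshare-net"); return 1; }
    /* Assumed setuid-root install: return to the invoking user before exec. */
    if (setgid(getgid()) < 0 || setuid(getuid()) < 0) return 1;
    if (argc > 1) execvp(argv[1], &argv[1]);
    return argc > 1 ? 127 : 0;   /* 127: exec failed */
}
```

Run as a plain user without the setuid bit, the helper stops at the unshare step with "Operation not permitted", which is the limitation the report describes.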