Package: schroot Version: 1.6.10-2 Severity: wishlist Hi,
Debian packages must be buildable without network access. For this purpose it would be extremely useful if schroot would add an option that unshares the network namespace before entering the chroot and executing dpkg-buildpackage. The unsharing has to be done by schroot itself and cannot be done earlier because sbuild is usually run as non-root. Non-root users don't have the privileges to unshare the network namespace, so they would first have to create a new user namespace as well. But after having done so, schroot refuses to work because it requires that /etc/schroot/schroot.conf is owned by the root user (which it is not anymore for a process that unshared the user namespace). So could schroot instead get an option like --unshare-net which, while schroot still has root privileges makes an unshare(CLONE_NEWNET) and then runs `ip link set lo up` to activate the loopback interface? Thanks! cheers, josch
