Package: sbuild
Version: 0.81.2
Severity: wishlist
Justification: wishlist
X-Debbugs-Cc: j24...@gmail.com

Dear Maintainer,

Please add support to the unshare chroot backend to unshare the network namespace.

As per Debian policy v4.5.1.0 https://www.debian.org/doc/debian-policy/ch-source.html#main-building-script-debian-rules:

> For packages in the main archive, no required targets may attempt network
> access, except, via the loopback interface, to services on the build host
> that have been started by the build.

For these and similar scenarios it would be useful if sbuild unshare could be configured to prevent network access except for the loopback interface, by unsharing the network namespace and bringing up the loopback interface while still root.

-- System Information:
Debian Release: bullseye/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.10.0-5-amd64 (SMP w/4 CPU threads)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF-8), LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: SELinux: enabled - Mode: Enforcing - Policy name: bauen1-policy

Versions of packages sbuild depends on:
ii  adduser        3.118
ii  libsbuild-perl 0.81.2
ii  perl           5.32.1-3

Versions of packages sbuild recommends:
ii  autopkgtest 5.16
ii  debootstrap 1.0.123
ii  schroot     1.6.10-12

Versions of packages sbuild suggests:
pn  deborphan  <none>
ii  e2fsprogs  1.46.2-1
ii  kmod       28-1
ii  wget       1.21-1+b1

-- no debconf information
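
The mechanism requested above, as an added C example (not sbuild's code and not part of the original report): a child process unshares the user and network namespaces, brings `lo` up while it still holds CAP_NET_ADMIN over the new namespace, then checks that only loopback is routable. The function names and return codes are assumptions made for illustration, and the uid/gid mapping a real unshare backend would also set up is left out.

```c
#define _GNU_SOURCE
#include <arpa/inet.h>
#include <errno.h>
#include <linux/sched.h>   /* CLONE_NEWUSER, CLONE_NEWNET */
#include <net/if.h>
#include <sys/ioctl.h>
#include <sys/socket.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

/* UDP connect() sends no packet; it only asks the kernel for a route. */
static int routable(const char *ip) {
    struct sockaddr_in sa = { .sin_family = AF_INET, .sin_port = htons(9) };
    int fd = socket(AF_INET, SOCK_DGRAM, 0), ok;
    if (fd < 0) return 0;
    inet_pton(AF_INET, ip, &sa.sin_addr);
    ok = connect(fd, (struct sockaddr *)&sa, sizeof sa) == 0;
    close(fd);
    return ok;
}

/* Set IFF_UP on "lo"; returns 0 or the errno of the failing call. */
static int loopback_up(void) {
    struct ifreq ifr = { .ifr_name = "lo" };
    int fd = socket(AF_INET, SOCK_DGRAM, 0), err = 0;
    if (fd < 0) return errno;
    if (ioctl(fd, SIOCGIFFLAGS, &ifr) != 0) err = errno;
    ifr.ifr_flags |= IFF_UP;
    if (!err && ioctl(fd, SIOCSIFFLAGS, &ifr) != 0) err = errno;
    close(fd);
    return err;
}

/* 0: 127.0.0.1 routable, 192.0.2.1 (TEST-NET-1) not; 1: failed; 2: denied by policy. */
int netns_loopback_only(void) {
    int st, err;
    pid_t pid = fork();
    if (pid < 0) return 1;
    if (pid == 0) {  /* child: the stand-in for the build process */
        if (syscall(SYS_unshare, CLONE_NEWUSER | CLONE_NEWNET) != 0) _exit(2);
        if ((err = loopback_up()) != 0) _exit(err == EPERM ? 2 : 1);
        _exit(routable("127.0.0.1") && !routable("192.0.2.1") ? 0 : 1);
    }
    if (waitpid(pid, &st, 0) < 0 || !WIFEXITED(st)) return 1;
    return WEXITSTATUS(st);
}

int main(void) { return netns_loopback_only(); }
```

An exit status of 2 means the kernel or an LSM refused unprivileged namespace setup on this host, which is a property of the host configuration rather than of the technique.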