Hi, Quoting bauen1 (2021-04-09 18:58:37) > Please add support to the unshare chroot backend to unshare the network > namespace. > > As per debian policy v4.5.1.0 > https://www.debian.org/doc/debian-policy/ch-source.html#main-building-script-debian-rules: > > > For packages in the main archive, no required targets may attempt network > > access, except, via the loopback interface, to services on the build host > > that have been started by the build. > > For these and similar scenarios It would be useful if sbuild unshare could be > configured to prevent network access except for the loopback interface, by > unsharing the network namespace and bringing up the loopback interface while > still root.
I don't understand. What bug do you see? The network namespace is already unshared and only the loopback interface active in the unshare backend: https://sources.debian.org/src/sbuild/0.81.2/lib/Sbuild/Build.pm/?hl=2470#L2470 Where is the bug? Thanks! cheers, josch
signature.asc
Description: signature