Dnia 2015-01-21, o godz. 16:00:55 Alexis Ballier <[email protected]> napisał(a):
> On Wed, 21 Jan 2015 11:05:34 +0100 > Michał Górny <[email protected]> wrote: > > > Hello, developers. > > > > As you may recall, the main blocker for wide-establishment of > > FEATURES=network-sandbox prohibiting network access within the build > > environment is distcc. Since all connectivity is disabled, distcc can > > no longer reach other distcc servers and build efficiently. I > > therefore find it important to figure out a solution. > > > > I see two generic approaches possible here: > > > > 1. proxying distcc from within the build environment, or > > > > 2. moving distcc-spawned processes back to parent's namespace. > > [...] > > > > > Any other ideas? > > > > I haven't followed this at all, so this might be very stupid: > Isn't it possible to whitelist distcc hosts ? No because the child process is completely disconnected from parent's network stack. It has only a brand new loopback that's even separate from host's loopback. -- Best regards, Michał Górny
pgp2m3XoDv9ky.pgp
Description: OpenPGP digital signature
