Re: [gentoo-portage-dev] [PATCH v2] Configure additional addresses on the lo interface for network-sandbox
On 8/1/19 6:22 AM, Mike Gilbert wrote:
> This works around some strange behavior in glibc's getaddrinfo()
> implementation when the AI_ADDRCONFIG flag is set.
>
> For example:
>
> struct addrinfo *res, hints = { .ai_family = AF_INET, .ai_flags =
> AI_ADDRCONFIG };
> getaddrinfo("localhost", NULL, , );
>
> This returns no results if there are no non-loopback addresses configured.
>
> Bug: https://bugs.gentoo.org/690758
> Bug: https://sourceware.org/bugzilla/show_bug.cgi?id=12377#c13
> Signed-off-by: Mike Gilbert
> ---
> lib/portage/process.py | 50 +++---
> 1 file changed, 37 insertions(+), 13 deletions(-)
>
> diff --git a/lib/portage/process.py b/lib/portage/process.py
> index dfbda75de..77f7fac02 100644
> --- a/lib/portage/process.py
> +++ b/lib/portage/process.py
> @@ -446,6 +446,42 @@ def spawn(mycommand, env=None, opt_name=None,
> fd_pipes=None, returnpid=False,
> # Everything succeeded
> return 0
>
> +def _configure_loopback_interface():
> + """
> + Configure the loopback interface.
> + """
> +
> + IFF_UP = 0x1
> + ifreq = struct.pack('16sh', b'lo', IFF_UP)
> + SIOCSIFFLAGS = 0x8914
> +
> + sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, 0)
> + try:
> + fcntl.ioctl(sock, SIOCSIFFLAGS, ifreq)
> + except IOError as e:
> + writemsg("Unable to enable loopback interface: %s\n" %
> e.strerror, noiselevel=-1)
> + sock.close()
> +
> + # We add some additional addresses to work around odd behavior in
> glibc's
> + # getaddrinfo() implementation when the AI_ADDRCONFIG flag is set.
> + #
> + # For example:
> + #
> + # struct addrinfo *res, hints = { .ai_family = AF_INET, .ai_flags =
> AI_ADDRCONFIG };
> + # getaddrinfo("localhost", NULL, , );
> + #
> + # This returns no results if there are no non-loopback addresses
> + # configured for a given address family.
> + #
> + # Bug: https://bugs.gentoo.org/690758
> + # Bug: https://sourceware.org/bugzilla/show_bug.cgi?id=12377#c13
> +
> + try:
> + subprocess.call(['ip', 'address', 'add', '10.0.0.1/8', 'dev',
> 'lo'])
> + subprocess.call(['ip', 'address', 'add', 'fd00::1/8', 'dev',
> 'lo'])
> + except OSError as e:
> + writemsg("Error calling 'ip': %s\n" % e.strerror, noiselevel=-1)
> +
> def _exec(binary, mycommand, opt_name, fd_pipes,
> env, gid, groups, uid, umask, cwd,
> pre_exec, close_fds, unshare_net, unshare_ipc, unshare_mount,
> unshare_pid,
> @@ -624,19 +660,7 @@ def _exec(binary, mycommand, opt_name, fd_pipes,
>
> noiselevel=-1)
> os._exit(1)
> if unshare_net:
> - # 'up' the loopback
> - IFF_UP = 0x1
> - ifreq =
> struct.pack('16sh', b'lo', IFF_UP)
> - SIOCSIFFLAGS = 0x8914
> -
> - sock =
> socket.socket(socket.AF_INET, socket.SOCK_DGRAM, 0)
> - try:
> -
> fcntl.ioctl(sock, SIOCSIFFLAGS, ifreq)
> - except IOError as e:
> -
> writemsg("Unable to enable loopback interface: %s\n" % (
> -
> errno.errorcode.get(e.errno, '?')),
> -
> noiselevel=-1)
> - sock.close()
> +
> _configure_loopback_interface()
> except AttributeError:
> # unshare() not supported by libc
> pass
>
Looks good. Please merge.
--
Thanks,
Zac
signature.asc
Description: OpenPGP digital signature
[gentoo-portage-dev] [PATCH v2] Configure additional addresses on the lo interface for network-sandbox
This works around some strange behavior in glibc's getaddrinfo()
implementation when the AI_ADDRCONFIG flag is set.
For example:
struct addrinfo *res, hints = { .ai_family = AF_INET, .ai_flags =
AI_ADDRCONFIG };
getaddrinfo("localhost", NULL, , );
This returns no results if there are no non-loopback addresses configured.
Bug: https://bugs.gentoo.org/690758
Bug: https://sourceware.org/bugzilla/show_bug.cgi?id=12377#c13
Signed-off-by: Mike Gilbert
---
lib/portage/process.py | 50 +++---
1 file changed, 37 insertions(+), 13 deletions(-)
diff --git a/lib/portage/process.py b/lib/portage/process.py
index dfbda75de..77f7fac02 100644
--- a/lib/portage/process.py
+++ b/lib/portage/process.py
@@ -446,6 +446,42 @@ def spawn(mycommand, env=None, opt_name=None,
fd_pipes=None, returnpid=False,
# Everything succeeded
return 0
+def _configure_loopback_interface():
+ """
+ Configure the loopback interface.
+ """
+
+ IFF_UP = 0x1
+ ifreq = struct.pack('16sh', b'lo', IFF_UP)
+ SIOCSIFFLAGS = 0x8914
+
+ sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, 0)
+ try:
+ fcntl.ioctl(sock, SIOCSIFFLAGS, ifreq)
+ except IOError as e:
+ writemsg("Unable to enable loopback interface: %s\n" %
e.strerror, noiselevel=-1)
+ sock.close()
+
+ # We add some additional addresses to work around odd behavior in
glibc's
+ # getaddrinfo() implementation when the AI_ADDRCONFIG flag is set.
+ #
+ # For example:
+ #
+ # struct addrinfo *res, hints = { .ai_family = AF_INET, .ai_flags =
AI_ADDRCONFIG };
+ # getaddrinfo("localhost", NULL, , );
+ #
+ # This returns no results if there are no non-loopback addresses
+ # configured for a given address family.
+ #
+ # Bug: https://bugs.gentoo.org/690758
+ # Bug: https://sourceware.org/bugzilla/show_bug.cgi?id=12377#c13
+
+ try:
+ subprocess.call(['ip', 'address', 'add', '10.0.0.1/8', 'dev',
'lo'])
+ subprocess.call(['ip', 'address', 'add', 'fd00::1/8', 'dev',
'lo'])
+ except OSError as e:
+ writemsg("Error calling 'ip': %s\n" % e.strerror, noiselevel=-1)
+
def _exec(binary, mycommand, opt_name, fd_pipes,
env, gid, groups, uid, umask, cwd,
pre_exec, close_fds, unshare_net, unshare_ipc, unshare_mount,
unshare_pid,
@@ -624,19 +660,7 @@ def _exec(binary, mycommand, opt_name, fd_pipes,
noiselevel=-1)
os._exit(1)
if unshare_net:
- # 'up' the loopback
- IFF_UP = 0x1
- ifreq =
struct.pack('16sh', b'lo', IFF_UP)
- SIOCSIFFLAGS = 0x8914
-
- sock =
socket.socket(socket.AF_INET, socket.SOCK_DGRAM, 0)
- try:
-
fcntl.ioctl(sock, SIOCSIFFLAGS, ifreq)
- except IOError as e:
-
writemsg("Unable to enable loopback interface: %s\n" % (
-
errno.errorcode.get(e.errno, '?')),
-
noiselevel=-1)
- sock.close()
+
_configure_loopback_interface()
except AttributeError:
# unshare() not supported by libc
pass
--
2.22.0
