authorHelmut Grohne <helmut@subdivi.de>2024-06-22 17:26:03 +0200
committerHelmut Grohne <helmut@subdivi.de>2024-06-22 17:26:03 +0200
commit97ef2fbc93483aac68a1db1c3622859cc897f1d2 (patch)
tree01d652b8c9493bacd2b41d51f2f9640d0b0a5ded /examples/unschroot.py
parent0cf893c21b5da2deecad7bf7723a607de7ef4233 (diff)
unschroot: add argument --isolate-network
This is where unschroot becomes incompatible with schroot as schroot does not have this option. The idea is that unschroot becomes feature-compatible with sbuild --chroot-mode=unshare and that requires supporting network isolation. To make use of this, sbuild needs to be extended to pass this flag when it sees a "Type unshare" chroot that is not normally exposed from regular schroot.
Diffstat (limited to 'examples/unschroot.py')
-rwxr-xr-xexamples/unschroot.py5
1 files changed, 5 insertions, 0 deletions
diff --git a/examples/unschroot.py b/examples/unschroot.py
index 47d2a3c..5f6ad72 100755
--- a/examples/unschroot.py
+++ b/examples/unschroot.py
@@ -220,6 +220,8 @@ def do_run_session(args: argparse.Namespace) -> None:
| linuxnamespaces.CloneFlags.NEWNS
| linuxnamespaces.CloneFlags.NEWPID
)
+ if args.isolate_network:
+ ns |= linuxnamespaces.CloneFlags.NEWNET
linuxnamespaces.unshare(ns)
childsock.send(b"\0")
childsock.recv(1)
@@ -238,6 +240,8 @@ def do_run_session(args: argparse.Namespace) -> None:
linuxnamespaces.pivot_root(".", ".")
linuxnamespaces.umount(".", linuxnamespaces.UmountFlags.DETACH)
os.chdir("/")
+ if ns & linuxnamespaces.CloneFlags.NEWNET:
+ linuxnamespaces.enable_loopback_if()
if args.user.isdigit():
spw = pwd.getpwuid(int(args.user))
else:
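Review bot: The call under `if ns & linuxnamespaces.CloneFlags.NEWNET:` carries no comment explaining why it is needed or why it must sit at this point. A freshly created network namespace starts with `lo` down, and bringing it up needs CAP_NET_ADMIN in the user namespace that owns it. The call therefore presumably has to stay ahead of the switch to `args.user` that the following `pwd` lookup prepares, although the rest of do_run_session is outside the hunk. I would add `# A new netns starts with lo down; bring it up while we still hold CAP_NET_ADMIN, before switching to args.user.` directly above the call so a later reordering does not silently leave the session without a loopback interface.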
@@ -327,6 +331,7 @@ def main() -> None:
parser.add_argument("-p", "--preserve-environment", action="store_true")
parser.add_argument("-q", "--quiet", action="store_true")
parser.add_argument("-u", "--user", action="store", default=os.getlogin())
+ parser.add_argument("--isolate-network", action="store_true")
parser.add_argument("command", nargs="*")
args = parser.parse_args()
assert args.subcommand is not None
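Review bot: `--isolate-network` is registered on the shared parser without a `help=` string, and the visible hunks act on it only in do_run_session. If the other subcommands ignore it (they are not shown in this diff), a caller that passes the flag to them gets neither isolation nor an error, which matters when the flag is relied on to keep a build off the network. I would add `help="run the command in a new network namespace with only loopback up (not a schroot option)"` and have main() call `parser.error(...)` when the flag is combined with a subcommand that does not honour it. main() continues outside the hunk.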