From 97ef2fbc93483aac68a1db1c3622859cc897f1d2 Mon Sep 17 00:00:00 2001
From: Helmut Grohne
Date: Sat, 22 Jun 2024 17:26:03 +0200
Subject: unschroot: add argument --isolate-network This is where unschroot becomes incompatible with schroot as schroot does not have this option. The idea is that unschroot becomes feature-compatible with sbuild --chroot-mode=unshare and that requires supporting network isolation. To make use of this, sbuild needs to be extended to pass this flag when it sees a "Type unshare" chroot that is not normally exposed from regular schroot.
---
 examples/unschroot.py | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/examples/unschroot.py b/examples/unschroot.py
index 47d2a3c..5f6ad72 100755
--- a/examples/unschroot.py
+++ b/examples/unschroot.py
@@ -220,6 +220,8 @@ def do_run_session(args: argparse.Namespace) -> None:
 | linuxnamespaces.CloneFlags.NEWNS
 | linuxnamespaces.CloneFlags.NEWPID
 )
+ if args.isolate_network:
+ ns |= linuxnamespaces.CloneFlags.NEWNET
 linuxnamespaces.unshare(ns)
 childsock.send(b"\0")
 childsock.recv(1)
@@ -238,6 +240,8 @@ def do_run_session(args: argparse.Namespace) -> None:
 linuxnamespaces.pivot_root(".", ".")
 linuxnamespaces.umount(".", linuxnamespaces.UmountFlags.DETACH)
 os.chdir("/")
+ if ns & linuxnamespaces.CloneFlags.NEWNET:
+ linuxnamespaces.enable_loopback_if()
 if args.user.isdigit():
 spw = pwd.getpwuid(int(args.user))
 else:
@@ -327,6 +331,7 @@ def main() -> None:
 parser.add_argument("-p", "--preserve-environment", action="store_true")
 parser.add_argument("-q", "--quiet", action="store_true")
 parser.add_argument("-u", "--user", action="store", default=os.getlogin())
+ parser.add_argument("--isolate-network", action="store_true")
 parser.add_argument("command", nargs="*")
 args = parser.parse_args()
 assert args.subcommand is not None
-- 
cgit v1.2.3
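Review bot: The loopback setup added in the second hunk of do_run_session (`if ns & linuxnamespaces.CloneFlags.NEWNET:`) has no comment explaining why it is needed or why it sits at this point. A freshly unshared network namespace starts with `lo` down, and bringing it up presumably has to happen before the `args.user` lookup and whatever user switch follows outside the hunk. I would add `# A new network namespace starts with lo down; bring it up before switching to the target user.` above the condition. Whether `enable_loopback_if()` raises on failure is not visible here; if it can fail quietly, a build that relies on localhost would fail later with an unrelated-looking error, so that is worth confirming.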
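Review bot: `--isolate-network` is registered in main() without a `help=` string, and because it is `store_true` the default keeps the session in the host network namespace. This is the isolation switch sbuild is expected to pass, so the help text should state the effect and the default, e.g. `parser.add_argument("--isolate-network", action="store_true", help="run the session in a new network namespace with only loopback (default: share the host network)")`. The flag is added next to -p/-q/-u, while only do_run_session reads it in this patch. If other subcommands share this parser they would accept the flag and ignore it, which is worth confirming since main() continues outside the hunk.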