Build control-center in mock fail

Colin Walters walters at
Sat May 25 15:51:56 UTC 2013

On Sat, 2013-05-25 at 11:15 -0400, Nico Kadel-Garcia wrote:

[The build hosts do not have outside network access]

> That's very specific to the Fedora build environment. Difficult to
> replicate in the field without a huge local build structure! 

If you do it using firewalls, yes, quite annoying.  But not if you use
Linux container features; linux-user-chroot allows using some of them
in a (relatively) safe way as non-root:

$ whoami
$ ping -c 1
PING ( 56(84) bytes of data.
64 bytes from ( icmp_seq=1 ttl=54 time=39.9 ms

--- ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 106ms
rtt min/avg/max/mdev = 39.956/39.956/39.956/0.000 ms
$ linux-user-chroot --unshare-net / ping -c 1
ping: unknown host

This is how the gnome-ostree build system builds completely as
non-root *and* denies network access during the build process.

More information about the devel mailing list