Build control-center in mock fail

Colin Walters walters at verbum.org
Sat May 25 15:51:56 UTC 2013


On Sat, 2013-05-25 at 11:15 -0400, Nico Kadel-Garcia wrote:

[The build hosts do not have outside network access]

> That's very specific to the Fedora build environment. Difficult to
> replicate in the field without a huge local build structure! 

If you do it using firewalls, yes, quite annoying.  But not if you use
Linux container features; linux-user-chroot allows using some of them
in a (relatively) safe way as non-root:

$ whoami
walters
$ ping -c 1 google.com
PING google.com (173.194.43.2) 56(84) bytes of data.
64 bytes from lga15s34-in-f2.1e100.net (173.194.43.2): icmp_seq=1 ttl=54 time=39.9 ms

--- google.com ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 106ms
rtt min/avg/max/mdev = 39.956/39.956/39.956/0.000 ms
$ linux-user-chroot --unshare-net / ping -c 1 google.com
ping: unknown host google.com
$ 

This is how the gnome-ostree build system builds completely as
non-root *and* denies network access during the build process.




More information about the devel mailing list