Stéphane Graber [2013-10-21 18:45 -0400]:
> That's pretty much my plan, find a way to get schroot to interface with
> LXC (or just unshare the netns directly). Need something a bit more
> clever than just blocking access completely though since you still want
> to grab the build-depends, but passing a socket to a small proxy would
> be a way, creating a veth pair would be another (and using iptables to
> block non-archive traffic).
Or just calling dpkg-buildpackage within sbuild through unshare -n?
(Thanks for this awesome tool, BTW!)
Martin Pitt | http://www.piware.de
Ubuntu Developer (www.ubuntu.com) | Debian Developer (www.debian.org)