On Wed, Oct 23, 2013 at 09:53:07AM +0200, Martin Pitt wrote:
> Stéphane Graber [2013-10-21 18:45 -0400]:
> > That's pretty much my plan, find a way to get schroot to interface with
> > LXC (or just unshare the netns directly). Need something a bit more
> > clever than just blocking access completely though since you still want
> > to grab the build-depends, but passing a socket to a small proxy would
> > be a way, creating a veth pair would be another (and using iptables to
> > block non-archive traffic).
>
> Or just calling dpkg-buildpackage within sbuild through unshare -n?
There exist packages that take advantage of the fact that they can talk
to the archive even during the build; e.g. grub2-signed. So I think
we'd want something that's a more accurate match to the real-world
firewalling behaviour.
--
Colin Watson [cjwatson@ubuntu.com]
--
ubuntu-devel mailing list
ubuntu-devel@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel
