Wednesday, 23 October 2013

Re: Introducing sbuild-launchpad-chroot

On Wed, Oct 23, 2013 at 09:53:07AM +0200, Martin Pitt wrote:
> Stéphane Graber [2013-10-21 18:45 -0400]:
> > That's pretty much my plan, find a way to get schroot to interface with
> > LXC (or just unshare the netns directly). Need something a bit more
> > clever than just blocking access completely though since you still want
> > to grab the build-depends, but passing a socket to a small proxy would
> > be a way, creating a veth pair would be another (and using iptables to
> > block non-archive traffic).
> Or just calling dpkg-buildpackage within sbuild through unshare -n?

There exist packages that take advantage of the fact that they can talk
to the archive even during the build; e.g. grub2-signed. So I think
we'd want something that's a more accurate match to the real-world
firewalling behaviour.

Colin Watson
