On Sat, 2013-05-25 at 11:15 -0400, Nico Kadel-Garcia wrote:

[The build hosts do not have outside network access]

> That's very specific to the Fedora build environment. Difficult to
> replicate in the field without a huge local build structure! 

If you do it using firewalls, yes, quite annoying.  But not if you use
Linux container features; linux-user-chroot allows using some of them
in a (relatively) safe way as non-root:

$ whoami
walters
$ ping -c 1 google.com
PING google.com (173.194.43.2) 56(84) bytes of data.
64 bytes from lga15s34-in-f2.1e100.net (173.194.43.2): icmp_seq=1 ttl=54 time=39.9 ms

--- google.com ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 106ms
rtt min/avg/max/mdev = 39.956/39.956/39.956/0.000 ms
$ linux-user-chroot --unshare-net / ping -c 1 google.com
ping: unknown host google.com
$ 

This is how the gnome-ostree build system builds completely as
non-root *and* denies network access during the build process.


-- 
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
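
Added example, not part of the original message and not code from linux-user-chroot or gnome-ostree: a guard that a build script can run to confirm it is in a network namespace with no interface other than loopback before it starts building. It reads /proc/net/dev, which shows the calling process's own network namespace; the function names and the sample data are assumptions made for this example.

```shell
#!/bin/sh
# Build-step guard (added example; hypothetical helper names).

# Print every interface except "lo" that is visible in this network
# namespace. /proc/net/dev has two header lines, then "  name: counters".
# The optional argument (a file in the same format) exists for testing.
non_loopback_ifaces() {
    awk 'NR > 2 {
             sub(/:.*/, "")          # keep only the interface name
             gsub(/[ \t]/, "")       # drop the column padding
             if ($0 != "" && $0 != "lo") print
         }' "${1:-/proc/net/dev}"
}

# Return 0 when only loopback is visible, 1 when another interface
# exists, 2 when the interface list cannot be read (e.g. no /proc).
assert_no_network() {
    ifaces=$(non_loopback_ifaces "$@") || return 2
    if [ -n "$ifaces" ]; then
        echo "refusing to build, interfaces visible:" $ifaces >&2
        return 1
    fi
    return 0
}

# Constructed sample: what a host namespace typically looks like
# (counter columns shortened).
sample_host() {
    printf '%s\n' \
        'Inter-|   Receive  |  Transmit' \
        ' face |bytes packets|bytes packets' \
        '    lo:  1200  10  1200  10' \
        '  eth0: 98000 640 45000 410'
}

# Constructed sample: a freshly unshared namespace, loopback only.
sample_isolated() {
    printf '%s\n' \
        'Inter-|   Receive  |  Transmit' \
        ' face |bytes packets|bytes packets' \
        '    lo:     0   0     0   0'
}

# Typical use, with the invocation shown in the message above:
#   linux-user-chroot --unshare-net / sh -c '. ./guard.sh; assert_no_network && make'
```

Failing closed on exit status 2 matters here: a build root without /proc mounted cannot prove isolation, so the guard treats that as "do not build".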
