On 27/09/23 12:57, Guido Falsi wrote:
On 27/09/23 12:54, Alexander Leidinger wrote:
On 2023-09-27 10:56, Charlie Li wrote:
In poudriere, apart from the fetch phase, network access is not
allowed by default so spawning a server that listens on an IP that
does not necessarily exist that clients, individual compiler
invocations, talk to isn't tenable. At the very least, one would need
to architect and implement Unix domain socket support there, which
they are happy to consider.
How is poudriere preventing network access outside the fetch phase?
Two (undocumented) guesses:
- removing interfaces (including lo0)
- no routing
The only way to know for sure is reading the source code.
https://github.com/freebsd/poudriere/blob/97404baad0c41f1007f971c4a19c89b7c594d89f/src/share/poudriere/common.sh#L691C59-L692C32
This looks like the relevant line of code; one obviously has to check
all the involved variable definitions. This is a good starting point
for this kind of research, though.
--
Guido Falsi <madpi...@freebsd.org>