From ee365da8cc3621f18a6c57723c39feccdc121949 Mon Sep 17 00:00:00 2001
From: Christian Heimes
Date: Fri, 10 Jan 2025 09:24:25 +0100
Subject: [PATCH] network isolation: set hostname to localhost
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Unshare UTS namespace and set hostname to "localhost". Some build systems lookup "localhost". We didn't run into the problem, yet, because Fedora-based distros have `127.0.0.1 localhost` in `/etc/hosts`.

Thanks to Michał Górny @mgorny for suggesting the change.

Signed-off-by: Christian Heimes
---
 src/fromager/run_network_isolation.sh | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/src/fromager/run_network_isolation.sh b/src/fromager/run_network_isolation.sh
index 42e082f4..c3e3d40b 100755
--- a/src/fromager/run_network_isolation.sh
+++ b/src/fromager/run_network_isolation.sh
@@ -1,4 +1,4 @@
-#!/usr/bin/env -S unshare -rn /bin/bash
+#!/usr/bin/env -S unshare --uts --net --map-root-user /bin/bash
 #
 # Run command with network isolation (CLONE_NEWNET) and set up loopback
 # interface in the new network namespace. This is somewhat similar to
@@ -6,6 +6,9 @@
 # unprivilged container. The user is root inside the new namespace and mapped
 # to the euid/egid if the parent namespace.
 #
+# Unshare UTS namespace, so we can set the hostname to "localhost", so
+# lookup of "localhost" does not fail.
+#
 # Ubuntu 24.04: needs `sysctl kernel.apparmor_restrict_unprivileged_userns=0`
 # to address `unshare: write failed /proc/self/uid_map: Operation not permitted`.
 #
@@ -21,5 +24,10 @@ fi
 # bring loopback up
 ip link set lo up
 
+# set hostname to "localhost"
+if command -v hostname 2>&1 >/dev/null; then
+ hostname localhost
+fi
+
 # replace with command
 exec "$@"
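Review bot: The redirections on the new guard `if command -v hostname 2>&1 >/dev/null; then` are in the wrong order — `2>&1` is applied before stdout is pointed at /dev/null, so stderr is duplicated onto the original stdout and only stdout is silenced; the intended form is `if command -v hostname >/dev/null 2>&1; then`. The guard also turns the whole step into a silent no-op on minimal images that ship no `hostname` binary, which are exactly the images most likely to lack a `127.0.0.1 localhost` entry in `/etc/hosts`, defeating the purpose stated in the commit message; since the script runs as root inside the new UTS namespace, an `else` branch writing the name to the per-namespace sysctl, `printf '%s\n' localhost > /proc/sys/kernel/hostname`, removes that dependency. Whether a failing `hostname localhost` aborts the script or is ignored depends on whether `set -e` is enabled earlier in the file, which is outside this hunk. I would also extend the comment to `# set hostname to "localhost" inside the UTS namespace created by --uts in the shebang; the host's name is untouched`, so a reader does not mistake this for a host-wide change.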