From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 7E4CC138334 for ; Thu, 1 Aug 2019 19:02:43 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 732FDE07B3; Thu, 1 Aug 2019 19:02:41 +0000 (UTC) Received: from smtp.gentoo.org (dev.gentoo.org [IPv6:2001:470:ea4a:1:5054:ff:fec7:86e4]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 4FD54E07B3 for ; Thu, 1 Aug 2019 19:02:41 +0000 (UTC) Received: from oystercatcher.gentoo.org (unknown [IPv6:2a01:4f8:202:4333:225:90ff:fed9:fc84]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id B3FA134927E for ; Thu, 1 Aug 2019 19:02:39 +0000 (UTC) Received: from localhost.localdomain (localhost [IPv6:::1]) by oystercatcher.gentoo.org (Postfix) with ESMTP id 31B116DB for ; Thu, 1 Aug 2019 19:02:37 +0000 (UTC) From: "Mike Gilbert" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Mike Gilbert" Message-ID: <1564686081.590e32d05fce225dfdab6308555f4a7668378d79.floppym@gentoo> Subject: [gentoo-commits] proj/portage:master commit in: lib/portage/ X-VCS-Repository: proj/portage X-VCS-Files: lib/portage/process.py X-VCS-Directories: lib/portage/ X-VCS-Committer: floppym X-VCS-Committer-Name: Mike Gilbert X-VCS-Revision: 590e32d05fce225dfdab6308555f4a7668378d79 X-VCS-Branch: master Date: Thu, 1 Aug 2019 19:02:37 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply X-Archives-Salt: 106e2ef0-dfcc-481c-8522-0b1998e85f3f X-Archives-Hash: 78cf25a58c0895ed2b988190ec6345c7 commit: 590e32d05fce225dfdab6308555f4a7668378d79 Author: Mike Gilbert gentoo org> AuthorDate: Wed Jul 31 19:51:34 2019 +0000 Commit: Mike Gilbert gentoo org> CommitDate: Thu Aug 1 19:01:21 2019 +0000 URL: https://gitweb.gentoo.org/proj/portage.git/commit/?id=590e32d0 Configure additional addresses on the lo interface for network-sandbox This works around some strange behavior in glibc's getaddrinfo() implementation when the AI_ADDRCONFIG flag is set. For example: struct addrinfo *res, hints = { .ai_family = AF_INET, .ai_flags = AI_ADDRCONFIG }; getaddrinfo("localhost", NULL, &hints, &res); This returns no results if there are no non-loopback addresses configured. Bug: https://bugs.gentoo.org/690758 Bug: https://sourceware.org/bugzilla/show_bug.cgi?id=12377#c13 Reviewed-by: Zac Medico gentoo.org> Signed-off-by: Mike Gilbert gentoo.org> lib/portage/process.py | 50 +++++++++++++++++++++++++++++++++++++------------- 1 file changed, 37 insertions(+), 13 deletions(-) diff --git a/lib/portage/process.py b/lib/portage/process.py index dfbda75de..77f7fac02 100644 --- a/lib/portage/process.py +++ b/lib/portage/process.py @@ -446,6 +446,42 @@ def spawn(mycommand, env=None, opt_name=None, fd_pipes=None, returnpid=False, # Everything succeeded return 0 +def _configure_loopback_interface(): + """ + Configure the loopback interface. + """ + + IFF_UP = 0x1 + ifreq = struct.pack('16sh', b'lo', IFF_UP) + SIOCSIFFLAGS = 0x8914 + + sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, 0) + try: + fcntl.ioctl(sock, SIOCSIFFLAGS, ifreq) + except IOError as e: + writemsg("Unable to enable loopback interface: %s\n" % e.strerror, noiselevel=-1) + sock.close() + + # We add some additional addresses to work around odd behavior in glibc's + # getaddrinfo() implementation when the AI_ADDRCONFIG flag is set. + # + # For example: + # + # struct addrinfo *res, hints = { .ai_family = AF_INET, .ai_flags = AI_ADDRCONFIG }; + # getaddrinfo("localhost", NULL, &hints, &res); + # + # This returns no results if there are no non-loopback addresses + # configured for a given address family. + # + # Bug: https://bugs.gentoo.org/690758 + # Bug: https://sourceware.org/bugzilla/show_bug.cgi?id=12377#c13 + + try: + subprocess.call(['ip', 'address', 'add', '10.0.0.1/8', 'dev', 'lo']) + subprocess.call(['ip', 'address', 'add', 'fd00::1/8', 'dev', 'lo']) + except OSError as e: + writemsg("Error calling 'ip': %s\n" % e.strerror, noiselevel=-1) + def _exec(binary, mycommand, opt_name, fd_pipes, env, gid, groups, uid, umask, cwd, pre_exec, close_fds, unshare_net, unshare_ipc, unshare_mount, unshare_pid, @@ -624,19 +660,7 @@ def _exec(binary, mycommand, opt_name, fd_pipes, noiselevel=-1) os._exit(1) if unshare_net: - # 'up' the loopback - IFF_UP = 0x1 - ifreq = struct.pack('16sh', b'lo', IFF_UP) - SIOCSIFFLAGS = 0x8914 - - sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, 0) - try: - fcntl.ioctl(sock, SIOCSIFFLAGS, ifreq) - except IOError as e: - writemsg("Unable to enable loopback interface: %s\n" % ( - errno.errorcode.get(e.errno, '?')), - noiselevel=-1) - sock.close() + _configure_loopback_interface() except AttributeError: # unshare() not supported by libc pass