From: "Michał Górny" <mgorny@gentoo.org>
To: gentoo-portage-dev@lists.gentoo.org
Subject: Re: [gentoo-portage-dev] [PATCH v2] process: Unshare UTS namespace, and set hostname to 'localhost'
Date: Sat, 28 Mar 2020 19:46:32 +0100 [thread overview]
Message-ID: <43b38a73967f09c12673ef041c1bcd4451f4f71c.camel@gentoo.org> (raw)
In-Reply-To: <533bf0db-bdd5-0e79-3b20-93577e521912@gentoo.org>
[-- Attachment #1: Type: text/plain, Size: 2507 bytes --]
On Sat, 2020-03-28 at 11:16 -0700, Zac Medico wrote:
> On 3/28/20 12:13 AM, Michał Górny wrote:
> > Use UTS namespace to override hostname when network-sandbox is enabled.
> > Set it to 'localhost' as that has a better chance of being present
> > in /etc/hosts. This fixes tests in some packages that try to connect
> > to localhost via hostname obtained using gethostname(), e.g. docker-py,
> > and suffer resolution problems due to the system hostname not being
> > defined in /etc/hosts.
> > ---
> > lib/portage/process.py | 11 ++++++++++-
> > 1 file changed, 10 insertions(+), 1 deletion(-)
> >
> > diff --git a/lib/portage/process.py b/lib/portage/process.py
> > index c1fc4bcf6..c48503208 100644
> > --- a/lib/portage/process.py
> > +++ b/lib/portage/process.py
> > @@ -348,12 +348,14 @@ def spawn(mycommand, env=None, opt_name=None, fd_pipes=None, returnpid=False,
> > if unshare_net or unshare_ipc or unshare_mount or unshare_pid:
> > # from /usr/include/bits/sched.h
> > CLONE_NEWNS = 0x00020000
> > + CLONE_NEWUTS = 0x04000000
> > CLONE_NEWIPC = 0x08000000
> > CLONE_NEWPID = 0x20000000
> > CLONE_NEWNET = 0x40000000
> >
> > if unshare_net:
> > - unshare_flags |= CLONE_NEWNET
> > + # UTS namespace to override hostname
> > + unshare_flags |= CLONE_NEWNET | CLONE_NEWUTS
> > if unshare_ipc:
> > unshare_flags |= CLONE_NEWIPC
> > if unshare_mount:
> > @@ -704,6 +706,13 @@ def _exec(binary, mycommand, opt_name, fd_pipes,
> > noiselevel=-1)
> > os._exit(1)
> > if unshare_net:
> > + # use 'localhost' to avoid hostname resolution problems
> > + try:
> > + socket.sethostname('localhost')
> > + except Exception as e:
> > + writemsg("Unable to set hostname: %s (for FEATURES=\"network-sandbox\")\n" % (
> > + e),
>
> Existing code uses (e,) in cases like this, in order to wrap the
> exception in a tuple, preventing ambiguity in python2 where exceptions
> may behave like tuples. If you don't include the comma, then the
> parenthesis do nothing here, but these days the string formatting
> appears to work correctly with python2.7 either way.
Oops, I meant to leave it there. I'll fix and push.
>
> > + noiselevel=-1)
> > _configure_loopback_interface()
> > except AttributeError:
> > # unshare() not supported by libc
> >
>
> Looks good. Please merge.
--
Best regards,
Michał Górny
[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 618 bytes --]
prev parent reply other threads:[~2020-03-28 18:46 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-03-28 7:13 [gentoo-portage-dev] [PATCH v2] process: Unshare UTS namespace, and set hostname to 'localhost' Michał Górny
2020-03-28 18:16 ` Zac Medico
2020-03-28 18:46 ` Michał Górny [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=43b38a73967f09c12673ef041c1bcd4451f4f71c.camel@gentoo.org \
--to=mgorny@gentoo.org \
--cc=gentoo-portage-dev@lists.gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox