Message-ID: <43b38a73967f09c12673ef041c1bcd4451f4f71c.camel@gentoo.org>
Subject: Re: [gentoo-portage-dev] [PATCH v2] process: Unshare UTS namespace, and set hostname to 'localhost'
From: Michał Górny
To: gentoo-portage-dev@lists.gentoo.org
Date: Sat, 28 Mar 2020 19:46:32 +0100
Organization: Gentoo

On Sat, 2020-03-28 at 11:16 -0700, Zac Medico wrote:
> On 3/28/20 12:13 AM, Michał Górny wrote:
> > Use UTS namespace to override hostname when network-sandbox is enabled.
> > Set it to 'localhost' as that has a better chance of being present
> > in /etc/hosts. This fixes tests in some packages that try to connect
> > to localhost via hostname obtained using gethostname(), e.g. docker-py,
> > and suffer resolution problems due to the system hostname not being
> > defined in /etc/hosts.
> > ---
> > lib/portage/process.py | 11 ++++++++++-
> > 1 file changed, 10 insertions(+), 1 deletion(-)
> >=20 > > diff --git a/lib/portage/process.py b/lib/portage/process.py > > index c1fc4bcf6..c48503208 100644 > > --- a/lib/portage/process.py > > +++ b/lib/portage/process.py 
> > @@ -348,12 +348,14 @@ def spawn(mycommand, env=3DNone, opt_name=3DNone,= fd_pipes=3DNone, returnpid=3DFalse, > > if unshare_net or unshare_ipc or unshare_mount or unshare_pid: > > # from /usr/include/bits/sched.h > > CLONE_NEWNS =3D 0x00020000 > > + CLONE_NEWUTS =3D 0x04000000 > > CLONE_NEWIPC =3D 0x08000000 > > CLONE_NEWPID =3D 0x20000000 > > CLONE_NEWNET =3D 0x40000000 > > =20 > > if unshare_net: > > - unshare_flags |=3D CLONE_NEWNET > > + # UTS namespace to override hostname > > + unshare_flags |=3D CLONE_NEWNET | CLONE_NEWUTS > > if unshare_ipc: > > unshare_flags |=3D CLONE_NEWIPC > > if unshare_mount: 
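Review bot: CLONE_NEWUTS is OR-ed into the same unshare_flags as CLONE_NEWNET under `if unshare_net:`, so network-sandbox now also depends on UTS namespace support: if the kernel rejects the UTS flag, the combined unshare request would fail as a whole, not just the hostname override. Consider giving the UTS namespace its own condition or fallback so that a missing UTS namespace only costs the hostname change, and extend the comment `# UTS namespace to override hostname` to say why it is tied to network-sandbox (gethostname() results that do not resolve through /etc/hosts, per the commit message).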
> > @@ -704,6 +706,13 @@ def _exec(binary, mycommand, opt_name, fd_pipes, > > noiselevel=3D-1) > > os._exit(1) > > if unshare_net: > > + # use 'localhost' to avoid hostname resolution problems > > + try: > > + socket.sethostname('localhost') > > + except Exception as e: > > + writemsg("Unable to set hostname: %s (for FEATURES=3D\"network= -sandbox\")\n" % ( > > + e),
>
> Existing code uses (e,) in cases like this, in order to wrap the
> exception in a tuple, preventing ambiguity in python2 where exceptions
> may behave like tuples. If you don't include the comma, then the
> parentheses do nothing here, but these days the string formatting
> appears to work correctly with python2.7 either way.

Oops, I meant to leave it there. I'll fix and push.

>
> > + noiselevel=3D-1) > > _configure_loopback_interface() > > except AttributeError: > > # unshare() not supported by libc
> >
>
> Looks good. Please merge.

-- 
Best regards,
Michał Górny
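Review bot: `except Exception as e` around `socket.sethostname('localhost')` in the second hunk is broader than the call needs and reports two different failures with one message: an OSError from the kernel, and an AttributeError on interpreters that have no socket.sethostname (it was added in Python 3.3, and this thread is still considering python2). The broad catch does keep that AttributeError from reaching the outer `except AttributeError:` commented `# unshare() not supported by libc`, so if the handler is narrowed to OSError, guard the call with hasattr(socket, 'sethostname') first. The diff adds no import, so also confirm that `socket` is already imported at the top of lib/portage/process.py.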