* Re: [gentoo-portage-dev] [PATCH v2] process: Unshare UTS namespace, and set hostname to 'localhost'
@ 2020-03-28 18:46 99% ` Michał Górny
0 siblings, 0 replies; 1+ results
From: Michał Górny @ 2020-03-28 18:46 UTC (permalink / raw
To: gentoo-portage-dev
[-- Attachment #1: Type: text/plain, Size: 2507 bytes --]
On Sat, 2020-03-28 at 11:16 -0700, Zac Medico wrote:
> On 3/28/20 12:13 AM, Michał Górny wrote:
> > Use UTS namespace to override hostname when network-sandbox is enabled.
> > Set it to 'localhost' as that has a better chance of being present
> > in /etc/hosts. This fixes tests in some packages that try to connect
> > to localhost via hostname obtained using gethostname(), e.g. docker-py,
> > and suffer resolution problems due to the system hostname not being
> > defined in /etc/hosts.
> > ---
> > lib/portage/process.py | 11 ++++++++++-
> > 1 file changed, 10 insertions(+), 1 deletion(-)
> >
> > diff --git a/lib/portage/process.py b/lib/portage/process.py
> > index c1fc4bcf6..c48503208 100644
> > --- a/lib/portage/process.py
> > +++ b/lib/portage/process.py
> > @@ -348,12 +348,14 @@ def spawn(mycommand, env=None, opt_name=None, fd_pipes=None, returnpid=False,
> > if unshare_net or unshare_ipc or unshare_mount or unshare_pid:
> > # from /usr/include/bits/sched.h
> > CLONE_NEWNS = 0x00020000
> > + CLONE_NEWUTS = 0x04000000
> > CLONE_NEWIPC = 0x08000000
> > CLONE_NEWPID = 0x20000000
> > CLONE_NEWNET = 0x40000000
> >
> > if unshare_net:
> > - unshare_flags |= CLONE_NEWNET
> > + # UTS namespace to override hostname
> > + unshare_flags |= CLONE_NEWNET | CLONE_NEWUTS
> > if unshare_ipc:
> > unshare_flags |= CLONE_NEWIPC
> > if unshare_mount:
> > @@ -704,6 +706,13 @@ def _exec(binary, mycommand, opt_name, fd_pipes,
> > noiselevel=-1)
> > os._exit(1)
> > if unshare_net:
> > + # use 'localhost' to avoid hostname resolution problems
> > + try:
> > + socket.sethostname('localhost')
> > + except Exception as e:
> > + writemsg("Unable to set hostname: %s (for FEATURES=\"network-sandbox\")\n" % (
> > + e),
>
> Existing code uses (e,) in cases like this, in order to wrap the
> exception in a tuple, preventing ambiguity in python2 where exceptions
> may behave like tuples. If you don't include the comma, then the
> parenthesis do nothing here, but these days the string formatting
> appears to work correctly with python2.7 either way.
Oops, I meant to leave it there. I'll fix and push.
>
> > + noiselevel=-1)
> > _configure_loopback_interface()
> > except AttributeError:
> > # unshare() not supported by libc
> >
>
> Looks good. Please merge.
--
Best regards,
Michał Górny
[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 618 bytes --]
^ permalink raw reply [relevance 99%]
Results 1-1 of 1 | reverse | options above
-- pct% links below jump to the message on this page, permalinks otherwise --
2020-03-28 7:13 [gentoo-portage-dev] [PATCH v2] process: Unshare UTS namespace, and set hostname to 'localhost' Michał Górny
2020-03-28 18:16 ` Zac Medico
2020-03-28 18:46 99% ` Michał Górny
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox