Effectively disable network access during the build

This starts a new network namespace without any connections to the outside. Bug: 122270019 Test: USE_GOMA=true m libc Test: treehugger Test: add rule to use /usr/bin/wget, fails after this change Change-Id: Iba262025ce0e4e3bef5c34c817cc678d6c61403b
2019-01-15 16:58:27 -08:00
parent adf980bf91
commit 24024eafee
1 changed files with 0 additions and 3 deletions
--- a/ui/build/sandbox_linux.go
+++ b/ui/build/sandbox_linux.go
@@ -143,9 +143,6 @@ func (c *Cmd) wrapSandbox() {
 		// For now, just map everything. Eventually we should limit this, especially to make most things readonly.
 		"-B", "/",

-		// Enable networking for now. TODO: remove
-		"-N",
-
 		// Disable newcgroup for now, since it may require newer kernels
 		// TODO: try out cgroups
 		"--disable_clone_newcgroup",