StrixOS/build_soong
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Effectively disable network access during the build

Browse Source 
This starts a new network namespace without any connections to the
outside.

Bug: 122270019
Test: USE_GOMA=true m libc
Test: treehugger
Test: add rule to use /usr/bin/wget, fails after this change
Change-Id: Iba262025ce0e4e3bef5c34c817cc678d6c61403b
This commit is contained in:
Dan Willemsen
2019-01-15 16:58:27 -08:00
parent adf980bf91
commit 24024eafee
1 changed files with 0 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
ui/build/sandbox_linux.go
View File

@@ -143,9 +143,6 @@ func (c *Cmd) wrapSandbox() {
// For now, just map everything. Eventually we should limit this, especially to make most things readonly. // For now, just map everything. Eventually we should limit this, especially to make most things readonly.
"-B", "/", "-B", "/",
// Enable networking for now. TODO: remove
"-N",
// Disable newcgroup for now, since it may require newer kernels // Disable newcgroup for now, since it may require newer kernels
// TODO: try out cgroups // TODO: try out cgroups
"--disable_clone_newcgroup", "--disable_clone_newcgroup",