Gentoo Archives: gentoo-portage-dev

From: Zac Medico <zmedico@g.o>
To: gentoo-portage-dev@l.g.o, "Michał Górny" <mgorny@g.o>
Subject: Re: [gentoo-portage-dev] [PATCH v2] process: Unshare UTS namespace, and set hostname to 'localhost'
Date: Sat, 28 Mar 2020 18:17:00
Message-Id: 533bf0db-bdd5-0e79-3b20-93577e521912@gentoo.org
In Reply to: [gentoo-portage-dev] [PATCH v2] process: Unshare UTS namespace, and set hostname to 'localhost' by "Michał Górny"
1 On 3/28/20 12:13 AM, Michał Górny wrote:
2 > Use UTS namespace to override hostname when network-sandbox is enabled.
3 > Set it to 'localhost' as that has a better chance of being present
4 > in /etc/hosts. This fixes tests in some packages that try to connect
5 > to localhost via hostname obtained using gethostname(), e.g. docker-py,
6 > and suffer resolution problems due to the system hostname not being
7 > defined in /etc/hosts.
8 > ---
9 > lib/portage/process.py | 11 ++++++++++-
10 > 1 file changed, 10 insertions(+), 1 deletion(-)
11 >
12 > diff --git a/lib/portage/process.py b/lib/portage/process.py
13 > index c1fc4bcf6..c48503208 100644
14 > --- a/lib/portage/process.py
15 > +++ b/lib/portage/process.py
16 > @@ -348,12 +348,14 @@ def spawn(mycommand, env=None, opt_name=None, fd_pipes=None, returnpid=False,
17 > if unshare_net or unshare_ipc or unshare_mount or unshare_pid:
18 > # from /usr/include/bits/sched.h
19 > CLONE_NEWNS = 0x00020000
20 > + CLONE_NEWUTS = 0x04000000
21 > CLONE_NEWIPC = 0x08000000
22 > CLONE_NEWPID = 0x20000000
23 > CLONE_NEWNET = 0x40000000
24 >
25 > if unshare_net:
26 > - unshare_flags |= CLONE_NEWNET
27 > + # UTS namespace to override hostname
28 > + unshare_flags |= CLONE_NEWNET | CLONE_NEWUTS
29 > if unshare_ipc:
30 > unshare_flags |= CLONE_NEWIPC
31 > if unshare_mount:
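Review bot: CLONE_NEWUTS is OR-ed into the same unshare_flags value as CLONE_NEWNET under "if unshare_net:", so if those flags are passed to a single unshare call, a kernel built with network namespaces but without UTS namespace support would reject the whole request, network isolation included. Consider attempting the UTS unshare separately, or retrying with CLONE_NEWNET alone on failure. It would also help to document that network-sandbox now implies a private UTS namespace, since the hunk adds no separate switch for it alongside unshare_net, unshare_ipc, unshare_mount and unshare_pid.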
32 > @@ -704,6 +706,13 @@ def _exec(binary, mycommand, opt_name, fd_pipes,
33 > noiselevel=-1)
34 > os._exit(1)
35 > if unshare_net:
36 > + # use 'localhost' to avoid hostname resolution problems
37 > + try:
38 > + socket.sethostname('localhost')
39 > + except Exception as e:
40 > + writemsg("Unable to set hostname: %s (for FEATURES=\"network-sandbox\")\n" % (
41 > + e),
42
43 Existing code uses (e,) in cases like this, in order to wrap the
44 exception in a tuple, preventing ambiguity in python2 where exceptions
45 may behave like tuples. If you don't include the comma, then the
46 parentheses do nothing here, but these days the string formatting
47 appears to work correctly with python2.7 either way.
48
49 > + noiselevel=-1)
50 > _configure_loopback_interface()
51 > except AttributeError:
52 > # unshare() not supported by libc
53 >
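Review bot: socket.sethostname() in the new try block exists only on Python 3.3 and later, so on python2.7 the call raises AttributeError, which the broad "except Exception as e:" turns into an "Unable to set hostname" warning on every spawn with network-sandbox enabled. If python2 is still a supported interpreter here, guard the call with a hasattr(socket, 'sethostname') check or narrow the handler so a real failure (for example a permission error) can be told apart from a missing API. The diffstat shows 10 insertions and no import line among them, so also confirm that socket is already imported at module level in lib/portage/process.py.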
54
55 Looks good. Please merge.
56 --
57 Thanks,
58 Zac
