diff options
| author | Dan Willemsen | 2019-01-15 18:58:27 -0600 |
|---|---|---|
| committer | Dan Willemsen | 2019-01-15 18:58:27 -0600 |
| commit | 24024eafeef31fe85c7c1d0d681aefe8f4d969b5 (patch) | |
| tree | ce974e0ea139325a21ad2afecf1bf970ee342f11 /ui | |
| parent | adf980bf916ba710b287f41b5116114cbacc052a (diff) | |
| download | platform-build-soong-24024eafeef31fe85c7c1d0d681aefe8f4d969b5.tar.gz platform-build-soong-24024eafeef31fe85c7c1d0d681aefe8f4d969b5.tar.xz platform-build-soong-24024eafeef31fe85c7c1d0d681aefe8f4d969b5.zip | |
Effectively disable network access during the build
This starts a new network namespace without any connections to the
outside.
Bug: 122270019
Test: USE_GOMA=true m libc
Test: treehugger
Test: add rule to use /usr/bin/wget, fails after this change
Change-Id: Iba262025ce0e4e3bef5c34c817cc678d6c61403b
Diffstat (limited to 'ui')
| -rw-r--r-- | ui/build/sandbox_linux.go | 3 |
1 files changed, 0 insertions, 3 deletions
diff --git a/ui/build/sandbox_linux.go b/ui/build/sandbox_linux.go index b87637f7..f77eebb2 100644 --- a/ui/build/sandbox_linux.go +++ b/ui/build/sandbox_linux.go | |||
| @@ -143,9 +143,6 @@ func (c *Cmd) wrapSandbox() { | |||
| 143 | // For now, just map everything. Eventually we should limit this, especially to make most things readonly. | 143 | // For now, just map everything. Eventually we should limit this, especially to make most things readonly. |
| 144 | "-B", "/", | 144 | "-B", "/", |
| 145 | 145 | ||
| 146 | // Enable networking for now. TODO: remove | ||
| 147 | "-N", | ||
| 148 | |||
| 149 | // Disable newcgroup for now, since it may require newer kernels | 146 | // Disable newcgroup for now, since it may require newer kernels |
| 150 | // TODO: try out cgroups | 147 | // TODO: try out cgroups |
| 151 | "--disable_clone_newcgroup", | 148 | "--disable_clone_newcgroup", |