| Message ID | 20211222231907.1036709-2-richard.purdie@linuxfoundation.org |
|---|---|
| State | New |
| Headers | show |
| Series | [1/2] utils: Add disable_network function | expand |
Hi, On December 23, 2021 12:19:07 AM GMT+01:00, Richard Purdie <richard.purdie@linuxfoundation.org> wrote: >Add a "nonetwork" task specific flag which then triggers networking to >be disabled for this task. > >This needs to happen before we enter the fakeroot environment of the task >due to the need for the real uid/gid which we save in the parent process. > I'd like to see some docs about this in Bitbake in the variable flags section https://docs.yoctoproject.org/bitbake/bitbake-user-manual/bitbake-user-manual-metadata.html#variable-flags so it's not a hidden feature :) Just writing this here so we don't forget. Cheers, Quentin >Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> >--- > bin/bitbake-worker | 8 ++++++++ > 1 file changed, 8 insertions(+) > >diff --git a/bin/bitbake-worker b/bin/bitbake-worker >index bf96207edc..32d4f58655 100755 >--- a/bin/bitbake-worker >+++ b/bin/bitbake-worker >@@ -152,6 +152,10 @@ def fork_off_task(cfg, data, databuilder, workerdata, fn, task, taskname, taskha > fakeenv = {} > umask = None > >+ uid = os.getuid() >+ gid = os.getgid() >+ >+ > taskdep = workerdata["taskdeps"][fn] > if 'umask' in taskdep and taskname in taskdep['umask']: > umask = taskdep['umask'][taskname] >@@ -257,6 +261,10 @@ def fork_off_task(cfg, data, databuilder, workerdata, fn, task, taskname, taskha > > bb.utils.set_process_name("%s:%s" % (the_data.getVar("PN"), taskname.replace("do_", ""))) > >+ if the_data.getVarFlag(taskname, 'nonetwork', False): >+ logger.debug("Attempting to disable network") >+ bb.utils.disable_network(uid, gid) >+ > # exported_vars() returns a generator which *cannot* be passed to os.environ.update() > # successfully. We also need to unset anything from the environment which shouldn't be there > exports = bb.data.exported_vars(the_data)
diff --git a/bin/bitbake-worker b/bin/bitbake-worker index bf96207edc..32d4f58655 100755 --- a/bin/bitbake-worker +++ b/bin/bitbake-worker @@ -152,6 +152,10 @@ def fork_off_task(cfg, data, databuilder, workerdata, fn, task, taskname, taskha fakeenv = {} umask = None + uid = os.getuid() + gid = os.getgid() + + taskdep = workerdata["taskdeps"][fn] if 'umask' in taskdep and taskname in taskdep['umask']: umask = taskdep['umask'][taskname] @@ -257,6 +261,10 @@ def fork_off_task(cfg, data, databuilder, workerdata, fn, task, taskname, taskha bb.utils.set_process_name("%s:%s" % (the_data.getVar("PN"), taskname.replace("do_", ""))) + if the_data.getVarFlag(taskname, 'nonetwork', False): + logger.debug("Attempting to disable network") + bb.utils.disable_network(uid, gid) + # exported_vars() returns a generator which *cannot* be passed to os.environ.update() # successfully. We also need to unset anything from the environment which shouldn't be there exports = bb.data.exported_vars(the_data)
Add a "nonetwork" task specific flag which then triggers networking to be disabled for this task. This needs to happen before we enter the fakeroot environment of the task due to the need for the real uid/gid which we save in the parent process. Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> --- bin/bitbake-worker | 8 ++++++++ 1 file changed, 8 insertions(+)