marko10_000
/
flatpak-builder
forked from Mirrors/flatpak-builder
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Always pass --unshare=network when building sandboxed 

It may be the case that we've e.g. specified a custom metadata file that
has network access, so always disable it explicitly during the builds.
auto
Alexander Larsson 2018-04-23 14:28:23 +02:00 committed by Alexander Larsson
parent 842b6400b7
commit c9df9b89fc
1 changed files with 10 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
src/builder-options.c
View File

@ -1023,10 +1023,17 @@ builder_options_get_build_args (BuilderOptions *self,
}
}
if (array->len > 0 && builder_context_get_sandboxed (context))
if (builder_context_get_sandboxed (context))
{
g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED, "Can't specify build-args in sandboxed build");
return NULL;
if (array->len > 0)
{
g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED, "Can't specify build-args in sandboxed build");
return NULL;
}
/* If, for whatever reason, the app has network access in the
metadata, explicitly neuter that if we're building
sandboxed */
g_ptr_array_add (array, g_strdup ("--unshare=network"));
}
g_ptr_array_add (array, NULL);