prevent builder accessing network (block resolv.conf access)

diff --git a/docker-builder.sh b/docker-builder.sh
index e2a932d76f4aa9c0c434b1f8acab677238a9e912..5b262b1ef69581a29c701e2b171312d687273fc7 100755 (executable)
--- a/docker-builder.sh
+++ b/docker-builder.sh
@@ -28,10 +28,13 @@ docker run --name=$name -d \
        $image
 
 # these paths need to be accessible for builder
-docker exec --user root $name chown builder:builder rpm/logs rpm/BUILD .ccache
+docker exec --user=root $name chown builder:builder rpm/logs rpm/BUILD .ccache
 
-# fetch sources
-docker exec $name builder -g $package
+# fetch sources and install deps
+docker exec $name builder -g -R $package
+
+# prevent network access like pld builders do
+docker exec --user=root $name setfacl -m u:builder:--- /etc/resolv.conf
 
 git_tag=$(GIT_DIR=$topdir/packages/$package/.git git describe --tags --always)
 buildlog=rpm/logs/${git_tag#auto/*/}.log