make.sh: Entirely disable network access in the build environment

Except when in the shell.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

diff --git a/make.sh b/make.sh
index f5dc2a6491e307b92bd2306307f68de2ba235a65..6cd8b53af82d54a5d3a3778d6f318196f1763267 100755 (executable)
--- a/make.sh
+++ b/make.sh
@@ -514,7 +514,7 @@ entershell() {
        local PS1="ipfire build chroot (${BUILD_ARCH}) \u:\w\$ "
 
        # Run an interactive shell
-       execute --chroot --interactive bash -i
+       execute --chroot --interactive --network bash -i
 }
 
 lfsmakecommoncheck() {
@@ -547,6 +547,7 @@ execute() {
        local command=()
        local interactive="false"
        local timer
+       local network="false"
 
        # Collect environment variables
        local -A environ=(
@@ -685,6 +686,10 @@ execute() {
                                )
                                ;;
 
+                       --network)
+                               network="true"
+                               ;;
+
                        --timer=*)
                                timer="${1#--timer=}"
                                ;;
@@ -740,6 +745,11 @@ execute() {
                esac
        fi
 
+       # Network
+       if [ "${network}" = "false" ]; then
+               unshare+=( "--net" )
+       fi
+
        local execute=()
        local env