
Allow disabling melange runner network (capabilities.networking)#2546

Open
falcorocks wants to merge 2 commits into
chainguard-dev:mainfrom
falcorocks:falcorocks/no-network-capabilities-2

Conversation

@falcorocks

@falcorocks falcorocks commented May 26, 2026


Summary

Add an optional capabilities.networking boolean to melange YAML so callers can
disable network access in the build/test runner sandbox. Honored by all three
runners: bubblewrap, docker, and qemu.

Motivation (security)

melange currently always enables networking for the sandbox runner, which makes
it harder to build packages in network-restricted environments. Disabling
networking at the runner boundary reduces supply-chain risk by preventing
exfiltration and remote fetches during build/test steps.

Behavior

Backward compatible. When capabilities.networking is omitted, melange keeps
the current behavior (network enabled). When set to false, melange disables
network in the runner sandbox:

  • bubblewrap: --unshare-net (new network namespace, loopback only)
  • docker: NetworkMode=none (loopback only, no route off-box)
  • qemu: SLIRP restrict=on (guest isolated from host and the outside world,
    while the hostfwd SSH control channel melange uses to drive the guest stays
    intact)

Usage

capabilities:
  networking: false

Tests

Unit tests cover the network decision for each runner (dockerNetworkMode,
qemuNetdevArgs, and the bubblewrap arg construction). Also verified
end-to-end: a probe package whose pipeline curls an external host fails the
build when reachability does not match the flag, run across all three runners.

go test ./...
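The three per-runner decisions described under Behavior, as an added Go example that is not melange's own code (the Capabilities type, the helper names and the fixed net0/hostfwd layout are assumptions; the PR's real helpers may differ):

```go
package main

import (
	"fmt"
	"strings"
)

// Capabilities mirrors the optional capabilities.networking key.
// nil means the key was omitted, so networking stays enabled (backward compatible).
type Capabilities struct {
	Networking *bool
}

// NetworkingEnabled resolves the tri-state: only an explicit false disables the network.
func (c Capabilities) NetworkingEnabled() bool {
	return c.Networking == nil || *c.Networking
}

// dockerNetworkMode returns the HostConfig.NetworkMode value:
// "none" keeps loopback only, "" leaves the daemon default untouched.
func dockerNetworkMode(c Capabilities) string {
	if c.NetworkingEnabled() {
		return ""
	}
	return "none"
}

// qemuNetdevArgs builds the -netdev user option. hostfwd keeps the SSH control
// channel (host sshPort -> guest :22) open; restrict=on is appended only when
// networking is disabled, so the guest loses host and outside reachability.
func qemuNetdevArgs(c Capabilities, sshPort int) []string {
	opts := []string{"user", "id=net0", fmt.Sprintf("hostfwd=tcp::%d-:22", sshPort)}
	if !c.NetworkingEnabled() {
		opts = append(opts, "restrict=on")
	}
	return []string{"-netdev", strings.Join(opts, ",")}
}

// bwrapNetArgs appends --unshare-net (fresh network namespace, loopback only)
// to the base bubblewrap argv only when networking is disabled.
func bwrapNetArgs(c Capabilities, base []string) []string {
	args := append([]string(nil), base...)
	if !c.NetworkingEnabled() {
		args = append(args, "--unshare-net")
	}
	return args
}

func main() {
	off := false
	c := Capabilities{Networking: &off}
	fmt.Println(dockerNetworkMode(c), qemuNetdevArgs(c, 2222), bwrapNetArgs(c, []string{"bwrap"}))
}
```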

@falcorocks falcorocks force-pushed the falcorocks/no-network-capabilities-2 branch 5 times, most recently from 59a2351 to a9a5cd9 on June 5, 2026 13:20
The capabilities.networking flag was only wired into the bubblewrap
runner. On docker and qemu it was silently ignored, so a config with
networking: false still ran build/test steps with full network access
(docker is the default runner on macOS).

- docker: set HostConfig.NetworkMode to "none" when networking is
  disabled (loopback only, no route off-box).
- qemu: add SLIRP restrict=on to the guest netdev when networking is
  disabled. This isolates the guest from the host and the outside world
  while leaving the hostfwd SSH control channel intact.

Extract dockerNetworkMode and qemuNetdevArgs helpers and add unit tests
covering the network decision for all three runners.
@falcorocks falcorocks force-pushed the falcorocks/no-network-capabilities-2 branch from a9a5cd9 to fba903f on June 8, 2026 10:50