build_image: disable network access There's no need for build_image to access the network as it has all the files already downloaded, so enforce it by turning off access. BUG=chromium:1068391 TEST=CQ passes Change-Id: I0da4d96635464f7dd0daf05c2e26d359188476b3 Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosutils/+/2137982 Tested-by: Mike Frysinger <vapier@chromium.org> Reviewed-by: Alex Klein <saklein@chromium.org> Commit-Queue: Mike Frysinger <vapier@chromium.org>

commit: a91e35ec734a9ee8e0d7972da37c93c61054c651 [log] [tgz]
author: Mike Frysinger <vapier@chromium.org> Mon Apr 06 19:34:49 2020 -0400
committer: Commit Bot <commit-bot@chromium.org> Thu May 07 06:16:08 2020 +0000
tree: 431a4e3590b12090b9d6b0c5fb4f8bba20ef4a09
parent: 29127c29b7d685bc143f10d5189f3db32a129bde [diff]
diff --git a/build_image b/build_image
index 3fd2e3a..9075304 100755
--- a/build_image
+++ b/build_image

@@ -13,6 +13,14 @@
 # shellcheck source=build_library/build_common.sh
 . "${SCRIPT_ROOT}/build_library/build_common.sh" || exit 1
 
+# Make sure we run with network disabled to prevent leakage.
+if [[ -z ${UNSHARE} ]]; then
+  if [[ $(id -u) -ne 0 ]]; then
+    exec sudo -E env PATH="${PATH}" "$0" "$@"
+  fi
+  exec unshare -n -- sudo -E UNSHARE=true -u "${SUDO_USER}" -- "$0" "$@"
+fi
+
 # Developer-visible flags.
 DEFINE_string adjust_part "" \
   "Adjustments to apply to partition table (LABEL:[+-=]SIZE) e.g. ROOT-A:+1G"
commit	a91e35ec734a9ee8e0d7972da37c93c61054c651	[log] [tgz]
author	Mike Frysinger <vapier@chromium.org>	Mon Apr 06 19:34:49 2020 -0400
committer	Commit Bot <commit-bot@chromium.org>	Thu May 07 06:16:08 2020 +0000
tree	431a4e3590b12090b9d6b0c5fb4f8bba20ef4a09
parent	29127c29b7d685bc143f10d5189f3db32a129bde [diff]