1 files changed, 14 insertions, 13 deletions

diff --git a/mkarchroot.in b/mkarchroot.in
index cb95f8e..7b6adf7 100644
--- a/mkarchroot.in
+++ b/mkarchroot.in
@@ -15,6 +15,7 @@ CHROOT_VERSION='v2'
 FORCE='n'
 RUN=''
 NOCOPY='n'
+NONETWORK='n'
 
 working_dir=''
 
@@ -31,6 +32,7 @@ usage() {
 	echo '    -M <file>     Location of a makepkg config file'
 	echo '    -n            Do not copy config files into the chroot'
 	echo '    -c <dir>      Set pacman cache'
+	echo '    -N            Disable networking in the chroot'
 	echo '    -h            This message'
 	exit 1
 }
@@ -44,6 +46,7 @@ while getopts 'r:ufnhC:M:c:' arg; do
 		M) makepkg_conf="$OPTARG" ;;
 		n) NOCOPY='y' ;;
 		c) cache_dir="$OPTARG" ;;
+		N) NONETWORK='y' ;;
 		h|?) usage ;;
 		*) error "invalid argument '${arg}'"; usage ;;
 	esac
@@ -183,26 +186,24 @@ trap_chroot_umount () {
 }
 
 chroot_lock () {
-	# Only reopen the FD if it wasn't handed to us
-	if [[ $(readlink -f /dev/fd/9) != "${working_dir}.lock" ]]; then
-	  exec 9>"${working_dir}.lock"
-	fi
-
-	# Lock the chroot. Take note of the FD number.
-	if ! flock -n 9; then
-		stat_busy "Locking chroot"
-		flock 9
-		stat_done
-	fi
+	lock_open_write 9 "${working_dir}.lock" "Locking chroot"u
 }
 
 chroot_run() {
 	local dir=$1
 	shift
 	if (( have_nspawn)); then
-		eval systemd-nspawn -D "${dir}" -- ${@} 2>/dev/null
+		local nspawn_args=(-D "$dir")
+		if [[ $NONETWORK = y ]]; then
+			nspawn_args+=(--private-network)
+		fi
+		eval systemd-nspawn "${nspawn_args[@]}" -- "${@}" 2>/dev/null
 	else
-		eval unshare -mui -- chroot "${dir}" ${@}
+		local unshare_args=(-mui)
+		if [[ $NONETWORK = y ]]; then
+			unshare_args+=(-n)
+		fi
+		eval unshare "${unshare_args[@]}" -- chroot "${dir}" "${@}"
 	fi
 }