authorHelmut Grohne <helmut@subdivi.de>2024-01-19 13:08:41 +0100
committerHelmut Grohne <helmut@subdivi.de>2024-01-19 13:08:41 +0100
commit119d04f017c39307280bb88fcdeaaf6f31ee9c9d (patch)
treef5d7735d45bc1952ebe9eda53d19a159ffc69b10
parentbe42cb03f8616f00fbb4cba29f98eee8d1878056 (diff)
add convenience function unshare_user_idmap_nohelper
-rw-r--r--linuxnamespaces/__init__.py13
-rw-r--r--tests/test_simple.py11
2 files changed, 17 insertions, 7 deletions
diff --git a/linuxnamespaces/__init__.py b/linuxnamespaces/__init__.py
index 29d41f6..5d810b0 100644
--- a/linuxnamespaces/__init__.py
+++ b/linuxnamespaces/__init__.py
@@ -331,3 +331,16 @@ def unshare_user_idmap(
newidmaps(pid, uidmap, gidmap)
unshare(flags)
setup_idmaps()
+
+def unshare_user_idmap_nohelper(
+ uid: int, gid: int, flags: CloneFlags = CloneFlags.NEWUSER
+) -> None:
+ """Unshare the given namespaces (must include user) and
+ map the current user and group to the given uid and gid
+ without using the setuid helpers.
+ """
+ uidmap = IDMapping(uid, os.getuid(), 1)
+ gidmap = IDMapping(gid, os.getgid(), 1)
+ unshare(flags)
+ pathlib.Path("/proc/self/setgroups").write_bytes(b"deny")
+ newidmaps(-1, [uidmap], [gidmap], False)
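Review bot: `unshare_user_idmap_nohelper` documents that `flags` "must include user" but never checks it, so a call with only `CloneFlags.NEWNS`, for example, goes straight to `unshare(flags)` and then attempts the `setgroups` and id-map writes against the caller's existing user namespace. The kernel should refuse those writes, but the caller only sees an opaque `OSError`, and a privileged caller has already unshared the other namespaces by that point. A guard before `unshare(flags)` would make the contract explicit: `if not flags & CloneFlags.NEWUSER: raise ValueError("flags must include CloneFlags.NEWUSER")`. The docstring could also state that writing `deny` to `/proc/self/setgroups` disables setgroups(2) for the new namespace and that exactly one uid and one gid are mapped, since both limit what the process can do afterwards.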
diff --git a/tests/test_simple.py b/tests/test_simple.py
index e0cb66e..8469bb4 100644
--- a/tests/test_simple.py
+++ b/tests/test_simple.py
@@ -84,15 +84,12 @@ class UnshareTest(unittest.TestCase):
@pytest.mark.forked
def test_populate_dev(self) -> None:
- uidmap = linuxnamespaces.IDMapping(0, os.getuid(), 1)
- gidmap = linuxnamespaces.IDMapping(0, os.getgid(), 1)
- linuxnamespaces.unshare(
+ linuxnamespaces.unshare_user_idmap_nohelper(
+ 0,
+ 0,
linuxnamespaces.CloneFlags.NEWUSER
- | linuxnamespaces.CloneFlags.NEWNS
+ | linuxnamespaces.CloneFlags.NEWNS,
)
- pathlib.Path("/proc/self/setgroups").write_text("deny")
- linuxnamespaces.newuidmap(-1, [uidmap], False)
- linuxnamespaces.newgidmap(-1, [gidmap], False)
linuxnamespaces.mount("tmpfs", "/mnt", "tmpfs", data="mode=0755")
os.mkdir("/mnt/dev")
linuxnamespaces.populate_dev("/", "/mnt", pidns=False)