author | Helmut Grohne <helmut@subdivi.de> | 2024-01-19 13:08:41 +0100 |
---|---|---|
committer | Helmut Grohne <helmut@subdivi.de> | 2024-01-19 13:08:41 +0100 |
commit | 119d04f017c39307280bb88fcdeaaf6f31ee9c9d (patch) | |
tree | f5d7735d45bc1952ebe9eda53d19a159ffc69b10 | |
parent | be42cb03f8616f00fbb4cba29f98eee8d1878056 (diff) | |
download | python-linuxnamespaces-119d04f017c39307280bb88fcdeaaf6f31ee9c9d.tar.gz |
add convenience function unshare_user_idmap_nohelper
-rw-r--r-- | linuxnamespaces/__init__.py | 13 | ||||
-rw-r--r-- | tests/test_simple.py | 11 |
2 files changed, 17 insertions, 7 deletions
diff --git a/linuxnamespaces/__init__.py b/linuxnamespaces/__init__.py
index 29d41f6..5d810b0 100644
--- a/linuxnamespaces/__init__.py
+++ b/linuxnamespaces/__init__.py
@@ -331,3 +331,16 @@ def unshare_user_idmap(
     newidmaps(pid, uidmap, gidmap)
     unshare(flags)
     setup_idmaps()
+
+def unshare_user_idmap_nohelper(
+    uid: int, gid: int, flags: CloneFlags = CloneFlags.NEWUSER
+) -> None:
+    """Unshare the given namespaces (must include user) and
+    map the current user and group to the given uid and gid
+    without using the setuid helpers.
+    """
+    uidmap = IDMapping(uid, os.getuid(), 1)
+    gidmap = IDMapping(gid, os.getgid(), 1)
+    unshare(flags)
+    pathlib.Path("/proc/self/setgroups").write_bytes(b"deny")
+    newidmaps(-1, [uidmap], [gidmap], False)
diff --git a/tests/test_simple.py b/tests/test_simple.py
index e0cb66e..8469bb4 100644
--- a/tests/test_simple.py
+++ b/tests/test_simple.py
@@ -84,15 +84,12 @@ class UnshareTest(unittest.TestCase):
 
     @pytest.mark.forked
     def test_populate_dev(self) -> None:
-        uidmap = linuxnamespaces.IDMapping(0, os.getuid(), 1)
-        gidmap = linuxnamespaces.IDMapping(0, os.getgid(), 1)
-        linuxnamespaces.unshare(
+        linuxnamespaces.unshare_user_idmap_nohelper(
+            0,
+            0,
             linuxnamespaces.CloneFlags.NEWUSER
-            | linuxnamespaces.CloneFlags.NEWNS
+            | linuxnamespaces.CloneFlags.NEWNS,
         )
-        pathlib.Path("/proc/self/setgroups").write_text("deny")
-        linuxnamespaces.newuidmap(-1, [uidmap], False)
-        linuxnamespaces.newgidmap(-1, [gidmap], False)
         linuxnamespaces.mount("tmpfs", "/mnt", "tmpfs", data="mode=0755")
         os.mkdir("/mnt/dev")
         linuxnamespaces.populate_dev("/", "/mnt", pidns=False)
|
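Review bot: The docstring of `unshare_user_idmap_nohelper` says `flags` "must include user", but nothing in the body enforces it: if a caller passes, say, `CloneFlags.NEWNS` alone, `unshare(flags)` succeeds and the following writes to `/proc/self/setgroups` and the id maps are attempted against the process's existing user namespace, which is likely to fail with an unhelpful error rather than a clear one. A guard before the `unshare(flags)` call would make the contract explicit: `if not flags & CloneFlags.NEWUSER: raise ValueError("flags must include CloneFlags.NEWUSER")`. The ordering of the remaining lines (unshare, then `setgroups` = `deny`, then the id maps) is the sequence the kernel requires for an unprivileged process, so a short comment such as `# setgroups must be denied before writing gid_map without CAP_SETGID` would help the next reader. The `-1` passed as the pid to `newidmaps` appears to mean "the calling process", mirroring the `newuidmap(-1, ...)`/`newgidmap(-1, ...)` calls removed from the test, but this is inferred; documenting the meaning in the docstring would avoid that guesswork.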