populate_sys: allow device access

The systemd test suite does not like having no access to /sys/dev and
other trees related to devices. Optionally provide them. Properly
virtualizing them likely requires lxcfs or similar.

2 files changed, 8 insertions, 5 deletions

diff --git a/examples/cgroup.py b/examples/cgroup.py
index 5fa5df6..219dc62 100755
--- a/examples/cgroup.py
+++ b/examples/cgroup.py
@@ -50,14 +50,17 @@ def main() -> None:
             linuxnamespaces.systemd.reexec_as_transient_unit(
                 properties={"Delegate": True}
             )
+    namespaces = (
+        linuxnamespaces.CloneFlags.NEWUSER
+        | linuxnamespaces.CloneFlags.NEWNS
+        | linuxnamespaces.CloneFlags.NEWCGROUP
+    )
     linuxnamespaces.unshare_user_idmap(
         [linuxnamespaces.IDMapping(os.getuid(), os.getuid(), 1)],
         [linuxnamespaces.IDMapping(os.getgid(), os.getgid(), 1)],
-        linuxnamespaces.CloneFlags.NEWUSER
-        | linuxnamespaces.CloneFlags.NEWNS
-        | linuxnamespaces.CloneFlags.NEWCGROUP,
+        namespaces,
     )
-    linuxnamespaces.populate_sys("/", "/", mycgroup)
+    linuxnamespaces.populate_sys("/", "/", namespaces, mycgroup)
     os.execlp(os.environ["SHELL"], os.environ["SHELL"])
 
 
diff --git a/examples/unschroot.py b/examples/unschroot.py
index 59c0ce4..7ad0bed 100755
--- a/examples/unschroot.py
+++ b/examples/unschroot.py
@@ -243,7 +243,7 @@ def do_run_session(args: argparse.Namespace) -> None:
         os.setuid(0)
         linuxnamespaces.bind_mount(".", "/mnt", recursive=True)
         os.chdir("/mnt")
-        linuxnamespaces.populate_sys("/", ".")
+        linuxnamespaces.populate_sys("/", ".", ns)
         linuxnamespaces.populate_proc("/", ".", ns)
         linuxnamespaces.populate_dev(
             "/", ".", tun=bool(ns & linuxnamespaces.CloneFlags.NEWNET)