author | Helmut Grohne <helmut@subdivi.de> | 2025-06-01 19:48:23 +0200 |
---|---|---|
committer | Helmut Grohne <helmut@subdivi.de> | 2025-06-01 19:48:23 +0200 |
commit | 561ba14cddd2cd0b162016bb0136c6c5eae600cb (patch) | |
tree | 09af480130c6a8a5d8130841757a4262738400cb /linuxnamespaces/idmap.py | |
parent | ca32b72b72ce36c2bb987f53056ca2616fcba216 (diff) | |
idmapping functions accept a further proc arguement
This allows opening /proc as an O_PATH descriptor, then locking a
process up and then still writing idmaps by accessing the now
inaccessible /proc via the retained file descriptor.
Diffstat (limited to 'linuxnamespaces/idmap.py')
-rw-r--r-- | linuxnamespaces/idmap.py | 34 |
1 files changed, 26 insertions, 8 deletions
diff --git a/linuxnamespaces/idmap.py b/linuxnamespaces/idmap.py index d75f1a9..a10ec12 100644 --- a/linuxnamespaces/idmap.py +++ b/linuxnamespaces/idmap.py @@ -8,10 +8,11 @@ namespace. import bisect import dataclasses import os -import pathlib import subprocess import typing +from .atlocation import AtLocation, AtLocationLike + def subidranges( kind: typing.Literal["uid", "gid"], login: str | None = None @@ -174,6 +175,8 @@ def newidmap( pid: int, mapping: list[IDMapping], helper: bool | None = None, + *, + proc: AtLocationLike | None = None, ) -> None: """Apply the given uid or gid mapping to the given process. A positive pid identifies a process, other values identify the currently running process. @@ -196,7 +199,8 @@ def newidmap( argv.extend(map(str, dataclasses.astuple(idblock))) subprocess.check_call(argv) else: - pathlib.Path(f"/proc/{pid}/{kind}_map").write_text( + proc = AtLocation("/proc" if proc is None else proc) + (proc / f"{pid}/{kind}_map").write_text( "".join( "%d %d %d\n" % dataclasses.astuple(idblock) for idblock in mapping @@ -205,18 +209,30 @@ def newidmap( ) -def newuidmap(pid: int, mapping: list[IDMapping], helper: bool = True) -> None: +def newuidmap( + pid: int, + mapping: list[IDMapping], + helper: bool = True, + *, + proc: AtLocationLike | None = None, +) -> None: """Apply a given uid mapping to the given process. Refer to newidmap for details. """ - newidmap("uid", pid, mapping, helper) + newidmap("uid", pid, mapping, helper, proc=proc) -def newgidmap(pid: int, mapping: list[IDMapping], helper: bool = True) -> None: +def newgidmap( + pid: int, + mapping: list[IDMapping], + helper: bool = True, + *, + proc: AtLocationLike | None = None, +) -> None: """Apply a given gid mapping to the given process. Refer to newidmap for details. """ - newidmap("gid", pid, mapping, helper) + newidmap("gid", pid, mapping, helper, proc=proc) def newidmaps( 
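Review bot: The newidmap docstring shown as context right after the new `proc` parameter gains no description of it within this hunk (the docstring continues outside the hunk, so this may be covered there). The point worth stating is that `pid` is resolved inside whichever procfs instance `proc` refers to, so it must be the pid as numbered by that mount's pid namespace. This matters for the use case in the commit message: if the caller changes pid namespace between opening the descriptor and writing the map, a pid obtained afterwards can name a different process in the retained procfs. Suggested addition: `proc may be a path or a retained descriptor for a procfs mount, used instead of /proc when writing the map directly; pid is interpreted relative to that procfs instance.`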
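Review bot: `proc` is consulted only in the `else:` branch, so the branch ending in `subprocess.check_call(argv)` silently drops it when a helper is selected. This is easy to hit, because newuidmap, newgidmap and newidmaps (the later hunks) keep `helper: bool = True` while forwarding `proc` unchanged. In the scenario from the commit message the external command would then presumably resolve `/proc` on its own, which is either inaccessible or not the procfs the caller retained. Rejecting the combination at the top of the helper branch would make it explicit, e.g. `if proc is not None: raise ValueError("proc cannot be combined with a helper")`. The condition selecting the branch is outside the hunk, so check how `helper=None` is resolved before placing it.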
@@ -224,9 +240,11 @@ def newidmaps( uidmapping: list[IDMapping], gidmapping: list[IDMapping], helper: bool = True, + *, + proc: AtLocationLike | None = None, ) -> None: """Apply a given uid and gid mapping to the given process. Refer to newidmap for details. """ - newgidmap(pid, gidmapping, helper) - newuidmap(pid, uidmapping, helper) + newgidmap(pid, gidmapping, helper, proc=proc) + newuidmap(pid, uidmapping, helper, proc=proc) |