Age | Commit message | Author
2 days | AtLocation.chdir: FileDescriptor already is a context manager | Helmut Grohne
3 days | fix AtLocation.chdir for the mixed case | Helmut Grohne
When both fd and location are given, it would previously ignore the fd component. To properly implement that, we must open and fchdir.
3 days | syscalls.py: help old mypy in better understanding sigval | Helmut Grohne
3 days | syscalls.py: simplify MountFlags implementation | Helmut Grohne
The "mustnegate" field was a bit strange and it was only ever set in the default value used for the lookup. Remove it and express its semantics in code instead.
2025-05-06 | FileDescriptor: add convenience wrapper for pidfd_open | Helmut Grohne
2025-05-04 | implement signalfd(2) and sigqueue(2) system calls | Helmut Grohne
2025-05-04 | examples/withallsubuids.py: expand comparison to unshare(1) | Helmut Grohne
2025-05-02 | examples/unschroot.py: actually support using aliases | Helmut Grohne
Fixes: 426f547d5b54 ("examples/unschroot.py: support overlayfs-based directory chroots")
Reported-by: Christoph Berg <myon@debian.org>
2025-05-01 | examples/unschroot.py: fix sbuild compatibility | Helmut Grohne
The parent commit regressed working with "chroot:" prefixed chroots. Directory chroots are required to emit a "Mount Location" to be considered valid by sbuild.
2025-05-01 | examples/unschroot.py: support overlayfs-based directory chroots | Helmut Grohne
Suggested-by: Christoph Berg <myon@debian.org>
2025-04-30 | systemd.dbussy: call StartTransientUnit asynchronously | Helmut Grohne
Fixes: b0874c6086f1 ("lift the dbus functionality from the cgroup example")
Fixes: bb83f3fe1bec ("add examples/cgroup.py: writeable cgroup hierarchy")
2025-04-29 | move the get_cgroup utility function into the library | Helmut Grohne
2025-04-29 | README.md: suggest looking into examples | Helmut Grohne
2025-03-27 | examples/chroottar.py: expand matching of device files | Helmut Grohne
2025-03-22 | examples/chrootfuse.py: add support for erofs | Helmut Grohne
2024-11-16 | systemd: improve dbus type guessing | Helmut Grohne
The PIDs property receives integers. Since the guessing code did not handle integers, it would fail immediately.
2024-11-12 | add chhostname.py example | Helmut Grohne
2024-10-26 | add a method IDMapping.identity for convenience | Helmut Grohne
2024-10-26 | fix license in pyproject classifiers | Helmut Grohne
Confirm that the SPDX annotation in several files is correct rather than the pyproject classification. The SPDX headers were there right from the start.
Fixes: 9f7a434600f4 ("add some metadata to a first pyproject.toml")
2024-06-22 | unschroot: allow device access | Helmut Grohne
2024-06-22 | populate_sys: allow device access | Helmut Grohne
The systemd test suite does not like having no access to /sys/dev and other trees related to devices. Optionally provide them. Properly virtualizing them likely requires lxcfs or similar.
2024-06-22 | populate_sys: refactor | Helmut Grohne
We now compute the actual bind mounts first and deduce the directories in need of creation from that. This makes populate_sys easier to extend.
2024-06-22 | unschroot: only provide /dev/net/tun when the network namespace is unshared | Helmut Grohne
2024-06-22 | populate_dev: fix /dev/net/tun | Helmut Grohne
Fixes: 8b98dc846e7b ("populate_dev: remove assumption that newdev does not shadow origdev")
2024-06-22 | unschroot: create an /etc/hosts unless it exists | Helmut Grohne
Software has a reasonable assumption that localhost as well as the current hostname resolves to an IP address. Without an /etc/hosts file, this is not the case and makes some builds such as src:ovn fail.
2024-06-22 | unschroot: add argument --isolate-network | Helmut Grohne
This is where unschroot becomes incompatible with schroot as schroot does not have this option. The idea is that unschroot becomes feature-compatible with sbuild --chroot-mode=unshare and that requires supporting network isolation. To make use of this, sbuild needs to be extended to pass this flag when it sees a "Type unshare" chroot that is not normally exposed from regular schroot.
2024-06-22 | add function enable_loopback_if | Helmut Grohne
It can be used in a new network namespace to enable the loopback network interface and thus provide easy network isolation.
2024-06-21 | unschroot: enable opening /dev/stdout | Helmut Grohne
When stdout is an (unnamed) pipe, it usually has permission 0o644. Since we change uids, /dev/stdout cannot be opened unless we chmod it first. This causes some packages such as supervisor to fail to build.
2024-06-16 | populate_dev: also provide /dev/shm | Helmut Grohne
This is needed e.g. for Python's multiprocessing.SemLock.
2024-06-16 | examples/userchroot.py: correctly bind mount proc and sys | Helmut Grohne
Fixes: be42cb03f861 ("add userchroot.py example")
2024-06-16 | populate_dev: install /dev/fd | Helmut Grohne
This symlink turns out to be important for execveat. Its NOTES section details that /dev/fd needs to work in order for execveat to work. We better provide this symlink.
2024-06-11 | fix formatting and spelling errors | Helmut Grohne
No functional changes.
2024-06-11 | improve typing | Helmut Grohne
linuxnamespaces/__init__.py:
* linuxnamespaces.filedescriptor only exports FileDescriptor. By importing *, we re-export it implicitly.
linuxnamespaces/atlocation.py:
* PathLike should be parameterized and we no longer allow bytes there.
linuxnamespaces/tarutils.py:
* Resolve dict vs Mapping.
tests/test_simple.py:
* Establish expected type to mypy.
examples/unschroot.py:
* pidfd is first an int and later a FileDescriptor, but we always use it as int.
* Also tell mypy that we cannot get NULL from waitid.
2024-06-11 | unschroot: add a pid 1 that reaps zombies | Helmut Grohne
While sbuild --chroot-mode=unshare opted for installing dumb-init, we'll keep the environment minimal and have a dumb-init written in perl-base, which happens to be essential still. Unfortunately, we cannot wait for our target process from our main process as the target process is a child of our perl init. Therefore our perl init must forward the exit code.
2024-06-11 | unschroot: synchronize reparenting | Helmut Grohne
Before this change, it could happen that we'd call prctl_set_child_subreaper before our parent actually died. Thus we'd quickly get the death signal. The additional synchronization point ensures that our previous parent process has been waited for (and thus we are reparented) before installing the death signal.
2024-06-11 | unschroot: report "Type unshare" for our sessions | Helmut Grohne
Any existing type would be an invalid promise. While sbuild parses the type, it also currently throws its value away and does not base any decisions on it. With the new value, it could recognize unschroot and opt into new features.
2024-06-11 | unschroot: tweak --info output | Helmut Grohne
* Tag sessions as "Session Purged". This causes sbuild to skip uninstalling build-depends and other cleanup.
* Always emit "Aliases" even when empty as we get a warning from sbuild otherwise.
2024-06-11 | unschroot: fix internal option conflict | Helmut Grohne
Fixes: a1cc59818088 ("add example "unschroot.py"")
2024-06-08 | add example "unschroot.py" | Helmut Grohne
While this mostly provides the schroot API and adds its own semantics around ~/.cache/unschroot, please do not consider examples a stable interface but a room for experimentation and incompatible changes.
2024-05-28 | tests/test_simple.py: support coverage generation | Helmut Grohne
Two tests were failing pytest --cov, because they would sandbox themselves in a way that writing the coverage db would be impossible. Change them such that they retain access to the coverage database.
2024-05-28 | support sendfile in async_copyfd | Helmut Grohne
2024-05-27 | add IDAllocation.reserve method | Helmut Grohne
Allow reserving a particular range instead of allocating a suitable large range of an IDAllocation. This is useful when a directory hierarchy defines the allocation and we merely want to verify it to be assigned.
2024-05-25 | examples/chrootfuse.py: fix file descriptor leak | Helmut Grohne
Fixes: f01c7690de8e ("add example chrootfuse2fs.py")
2024-05-25 | add a FileDescriptor type | Helmut Grohne
It serves two main purposes. For one thing, it allows telling bare integers and file descriptors apart on a typing level similar to a NewType. For another it adds common methods to a file descriptor and enables closing it via a context manager.
2024-05-20 | add an asyncio waitid(P_PIDFD, ...) helper | Helmut Grohne
2024-05-20 | test splice path of async_copyfd | Helmut Grohne
2024-05-20 | add function async_copyfd | Helmut Grohne
It is a bit like an async version of shutil.copyfileobj but for bare file descriptors and has an optimized version for pipes.
2024-05-20 | Revert "add a splice syscall wrapper" | Helmut Grohne
os.splice from Python >= 3.10 is good enough.
This reverts commit 056c1f964f55adedc17f8d7bddef1f48c73852c7.
2024-05-20 | syscalls: use >= 3.10 support for eventfds in os module | Helmut Grohne
2024-05-18 | examples/netnsslirp.py: simplify termination of slirp4netns | Helmut Grohne