summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
3 daysrelicense as GPL-2+HEADmainHelmut Grohne
The earlier GPL-3 only is implied in the new grant.
2025-07-12examples/unschroot_fs.py: lie about Location once for all sessionsHelmut Grohne
2025-07-12examples/unschroot_fs.py: support 0700 homeHelmut Grohne
With the tar backend, there was a chdir(~/.cache/unschroot/...) that would fail if ~ was lacking execute permission for others. Now we chdir there before unsharing and then do relative operations to support that use case.
2025-07-12examples/unschroot_fs.py: tar chroot sessions must emit a LocationHelmut Grohne
2025-07-12examples/unschroot_fs.py: Some base tar lack /devHelmut Grohne
2025-07-11prefer getpass.getuser() over os.getlogin()Helmut Grohne
os.getlogin() returns an undesired value in a runuser environment and is not overridable with environment.
2025-07-02unschroot_proc: support additional mountsHelmut Grohne
By using bindfs, we may perform id-mapped bind mounts to share e.g. a user-owned ccache with sbuild.
2025-07-02fix unschroot_proc.py to work from the examples directoryHelmut Grohne
2025-07-01add a second implementation of the unschroot exampleHelmut Grohne
While the first implementation created new namespaces for every invocation in a similar way to sbuild's unshare mode, the second implementation keeps a backround process with persistent user and mount namespace around. This allows using a new tmpfs as backing device and using fuse mounts for underlying filesystems. Communication between the background process and the cli is implemented using the https://github.com/helmutg/asyncvarlink varlink implementation. Chroots can be detected from typical locations or configured via ~/.config/unschroot.ini. Thanks go out for fruitful discussions, feedback and testing to: * Christian Hofstaedler * Christoph Berg * Enrico Zini * Jochen Sprickerhof * Johannes Schauer Marin Rodrigues * Thomas Walz
2025-06-28change/improve populate_dev APIHelmut Grohne
populate_dev may be used before unsharing a pid namespace with the intention of unsharing it. Then, /dev/pts should not be mounted and instead that mount needs to happen inside the newly created pid namespace. To allow for this usage, rename the pidns argument to pts and turn it into a literal. It may also be desired to have a /dev without pts, so add that option as well. It's a breaking change, but it does add clarity.
2025-06-27mount syscall now accepts options as dictHelmut Grohne
2025-06-26Allow customizing ZstdTarFile compression concurrencyHelmut Grohne
Also turn the compressor-specific arguments into keyword-only arguments.
2025-06-26mark "fd" as a good name for pylintHelmut Grohne
2025-06-26Document ZstdTarFile.zstopenHelmut Grohne
2025-06-26Allow specifying a compresslevel to ZstdTarFile.zstopenHelmut Grohne
2025-06-26simplify or-ed isinstance invocationsHelmut Grohne
Suggested-by: pylint
2025-06-26log unhandled exceptions from run_in_forkHelmut Grohne
2025-06-26handle SystemExit in run_in_fork reasonablyHelmut Grohne
2025-06-22async_run_in_fork: explicitly give up on the event loopHelmut Grohne
The forked process still shares file descriptors with its parent running asyncio code. Having two processes deal with the same epoll fd or similar would be really bad. Hence release the event loop in the child to prevent accidental use.
2025-06-22linuxnamespaces.syscalls: mark the logger object as privateHelmut Grohne
2025-06-12run_in_fork: allow starting the function immediatelyHelmut Grohne
Doing so skips creating the EventFD.
2025-06-12run_in_fork should never propagate exceptions from the childHelmut Grohne
Otherwise an exception handler in the caller may be invoked in unexpected ways. If an exception occurs, exit non-zero and reraise in the parent with less detail.
2025-06-12dbussy.SystemdJobWaiter: drop references to removed jobs as soon as we canHelmut Grohne
2025-06-03drop redundant OPEN_TREE_ prefix from some OpenTreeFlagsHelmut Grohne
2025-06-03add wrapper for PR_SET_DUMPABLE prctlHelmut Grohne
2025-06-03add method MountFlags.tonamesHelmut Grohne
It provides part of the functionality of MountFlags.tostr.
2025-06-01idmapping functions accept a further proc arguementHelmut Grohne
This allows opening /proc as an O_PATH descriptor, then locking a process up and then still writing idmaps by accessing the now inaccessible /proc via the retained file descriptor.
2025-06-01New methods AtLocation.write_{bytes,text}Helmut Grohne
They bring similarity to their pathlib.Path counterparts.
2025-05-24SignalFD.areaditer: support iterative readingHelmut Grohne
2025-05-24split idmapping things to new module idmapHelmut Grohne
2025-05-23align HasFileno protocol with asyncvarlinkHelmut Grohne
2025-05-21extend .gitignore for more tool-generated filesHelmut Grohne
2025-05-21agree a bit with black's formatting recommendationsHelmut Grohne
2025-05-21test_atlocation.py: mypy/1.15 now understands those literalsHelmut Grohne
2025-05-21relax type of async_copyfd regarding FileDescriptorsHelmut Grohne
Fixes: 30a111639ce6 ("expand use of FileDescriptor and add FileDescriptorLike type alias")
2025-05-21fix return type of FileDescriptor.filenoHelmut Grohne
Fixes: 30a111639ce6 ("expand use of FileDescriptor and add FileDescriptorLike type alias")
2025-05-21fix type checking on mypy/1.15Helmut Grohne
2025-05-21choose flit as build backendHelmut Grohne
It's a pure Python module and flit seems to just work for those.
2025-05-21expand use of FileDescriptor and add FileDescriptorLike type aliasHelmut Grohne
When accepting file descriptors, non-int objects with a fileno method are now generally accepted. When returning a file descriptor, a FileDescriptor instance is now returned.
2025-05-20AtLocation.chdir: FileDescriptor already is a context managerHelmut Grohne
2025-05-20fix AtLocation.chdir for the mixed caseHelmut Grohne
When both fd and location are given, it would previously ignore the fd component. To properly implement that, we must open and fchdir.
2025-05-20syscalls.py: help old mypy in better understanding sigvalHelmut Grohne
2025-05-20syscalls.py: simplify MountFlags implementationHelmut Grohne
The "mustnegate" field was a bit strange and it was only ever set in the default value used for the lookup. Remove it and express its semantics in code instead.
2025-05-06FileDescriptor: add convenience wrapper for pidfd_openHelmut Grohne
2025-05-04implement signalfd(2) and sigqueue(2) system callsHelmut Grohne
2025-05-04examples/withallsubuids.py: expand comparison to unshare(1)Helmut Grohne
2025-05-02examples/unschroot.py: actually support using aliasesHelmut Grohne
Fixes: 426f547d5b54 ("examples/unschroot.py: support overlayfs-based directory chroots") Reported-by: Christoph Berg <myon@debian.org>
2025-05-01examples/unschroot.py: fix sbuild compatibilityHelmut Grohne
The parent commit regressed working with "chroot:" prefixed chroots. Directory chroots are required to emit a "Mount Location" to be considered valid by sbuild.
2025-05-01examples/unschroot.py: support overlayfs-based directory chrootsHelmut Grohne
Suggested-by: Christoph Berg <myon@debian.org>
2025-04-30systemd.dbussy: call StartTransientUnit asynchronouslyHelmut Grohne
Fixes: b0874c6086f1 ("lift the dbus functionality from the cgroup example") Fixes: bb83f3fe1bec ("add examples/cgroup.py: writeable cgroup hierarchy")
generated by cgit v1.2.3 (git 2.39.1) at 2025-07-29 07:42:25 +0000