summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2024-05-20syscalls: use >= 3.10 support for eventfds in os moduleHelmut Grohne
2024-05-18examples/netnsslirp.py: simplify termination of slirp4netnsHelmut Grohne
2024-05-17add a splice syscall wrapperHelmut Grohne
2024-05-17add prctl_set_child_subreaperHelmut Grohne
2024-05-17populate_dev: also create std{in,out,err} symlinksHelmut Grohne
When booting systemd, it'll create these symlinks, but when doing an application container, nothing does this and we risk creating regular files there.
2024-05-10Revert "examples/chroottar.py: harden against tars with high uids"Helmut Grohne
This reverts commit a169f51420795a212c3226f455e783ab8ac5cf47. We really deal with two user namespaces. The initial/parent process maps the target id range plus the current user id. The child process that executes the workload only maps the target id range without the current user id. The child opens the tar file while it still is in the initial namespace, then unshares and once it only has the subid range mapped, it performs the extraction. No clamping is necessary at this point. The parent process maps additionally maps the current id in order to write the tar file.
2024-05-09add linuxnamespaces.tarinfo.XAttrTarFileHelmut Grohne
This is a mixin subclass for TarFile that enables it to restore and apply linux extended attributes as PAX headers in the SCHILY.xattr.* format. As a consequence, this enables us to process tar archives containing file system capabilities.
2024-05-09add linuxnamespaces.tarutilsHelmut Grohne
Move the generic tar utilities from the chroottar.py example into a linuxnamespaces module as dealing with tar archives is a fairly common thing when dealing with namespaces.
2024-05-07mount: allow data argument to be a listHelmut Grohne
2024-05-06chroottar.py: don't raise NotImplementedError for misuseHelmut Grohne
The mode actually can only have these three distinct literals. While more complex modes can get passed to TarFile.open, they're decomposed there and only of these three is passed to the compressor openers.
2024-05-06syscalls: allow logging of syscallsHelmut Grohne
2024-05-06chroottar.py: implement Tarfile.zstopen for fileobjHelmut Grohne
zstandard.open actually consumes file objects. Hence there is little benefit in not implementing the passing of a fileobj even though we don't use it here.
2024-05-06examples/cgroup.py: use the assigned cgroupHelmut Grohne
Fixes: b0874c6086f1 ("lift the dbus functionality from the cgroup example")
2024-04-23lift the dbus functionality from the cgroup exampleHelmut Grohne
2024-04-19examples/cgroup.py: support jeepney as an alternative to ravelHelmut Grohne
2024-04-19examples/cgroup.py: use asyncio.runHelmut Grohne
2024-04-19examples/cgroup.py: do not fail when ravel is unavailableHelmut Grohne
2024-04-18examples/cgroup.py: we should pass Delegate=trueHelmut Grohne
2024-04-18examples/cgroup.py: extract a context manager waiting for systemd jobsHelmut Grohne
2024-04-04avoid hard coding the soname of the libcHelmut Grohne
Passing None as name also yields libc functions.
2024-04-04add method AtLocation.as_emptypath for cloning a locationHelmut Grohne
2024-04-04add an example for unsharing a PID namespaceHelmut Grohne
2024-04-04add syscall wrapper for prctl(PR_SET_PDEATHSIG, ...)Helmut Grohne
2024-04-04add function populate_procHelmut Grohne
2024-04-04document security implications of populate_* functionsHelmut Grohne
2024-04-03declare pytest-forked dependency that is in use alreadyHelmut Grohne
2024-04-03tests: avoid need for a type annotationHelmut Grohne
mypy wants type annotations for every def. As we only call another function, we may pass it to the decorator directly and shut up mypy.
2024-04-03add basic tests for AtLocationHelmut Grohne
2024-04-03AtLocation.walk: add support for AT_EMPTY_PATHHelmut Grohne
2024-04-03AtLocation.walk: emit nofllow flag when follow_symlinks=FalseHelmut Grohne
2024-04-03AtLocation.readlink: require AT_SYMLINK_NOFOLLOWHelmut Grohne
It does not make sense to read a link after having followed it.
2024-04-02improve AtLocation.join semanticsHelmut Grohne
Also allow joining an AtLocation. When doing that note that any kind of absolute location object (absolute path without fd and any location with an fd) results in just that latter location just like os.path.join returns the latter path when it is absolute. Fixes: 034f732a1af4 ("initial checkin")
2024-04-02a few formatting and typo fixesHelmut Grohne
2024-04-02add documentation regarding resource management of AtLocationsHelmut Grohne
2024-04-02fix logic error in AtLocation.statHelmut Grohne
Fixes: 1c265b6e11c3 ("add os.stat wrapper AtLocation.stat")
2024-03-24AtLocation.mkdir: support optional arguments from pathlibHelmut Grohne
2024-03-22add convenience functions for stat to AtLocationLikeHelmut Grohne
These are the is_* family and exists all from pathlib.Path.
2024-03-22add os.stat wrapper AtLocation.statHelmut Grohne
2024-03-16slightly simplify testsHelmut Grohne
2024-03-16add an asyncio variant of run_in_forkHelmut Grohne
2024-03-14rename AtLocation.symlink to symlink_toHelmut Grohne
This mirrors what was done for pathlib.Path to avoid confusion about argument order.
2024-03-12work around mypy misdetection on bookwormHelmut Grohne
2024-03-11add method AtLocation.is_absoluteHelmut Grohne
This is similar to pathlib.Path.is_absolute.
2024-03-07add AtLocation.rename method wrapping os.renameHelmut Grohne
2024-03-07add AtLocation.link method wrapping os.linkHelmut Grohne
2024-03-03add function for prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_RAISE, ...)Helmut Grohne
2024-03-03implement repr for AtLocationHelmut Grohne
2024-03-02fix typosJakub Wilk
2024-03-02examples/chroottar.py: make pylint happierHelmut Grohne
2024-03-01add rudimentary prctl syscall wrapperHelmut Grohne
generated by cgit v1.2.3 (git 2.39.1) at 2024-09-20 04:12:41 +0000