summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2025-06-03drop redundant OPEN_TREE_ prefix from some OpenTreeFlagsHelmut Grohne
2025-06-03add wrapper for PR_SET_DUMPABLE prctlHelmut Grohne
2025-06-03add method MountFlags.tonamesHelmut Grohne
It provides part of the functionality of MountFlags.tostr.
2025-06-01idmapping functions accept a further proc arguementHelmut Grohne
This allows opening /proc as an O_PATH descriptor, then locking a process up and then still writing idmaps by accessing the now inaccessible /proc via the retained file descriptor.
2025-06-01New methods AtLocation.write_{bytes,text}Helmut Grohne
They bring similarity to their pathlib.Path counterparts.
2025-05-24SignalFD.areaditer: support iterative readingHelmut Grohne
2025-05-24split idmapping things to new module idmapHelmut Grohne
2025-05-23align HasFileno protocol with asyncvarlinkHelmut Grohne
2025-05-21extend .gitignore for more tool-generated filesHelmut Grohne
2025-05-21agree a bit with black's formatting recommendationsHelmut Grohne
2025-05-21test_atlocation.py: mypy/1.15 now understands those literalsHelmut Grohne
2025-05-21relax type of async_copyfd regarding FileDescriptorsHelmut Grohne
Fixes: 30a111639ce6 ("expand use of FileDescriptor and add FileDescriptorLike type alias")
2025-05-21fix return type of FileDescriptor.filenoHelmut Grohne
Fixes: 30a111639ce6 ("expand use of FileDescriptor and add FileDescriptorLike type alias")
2025-05-21fix type checking on mypy/1.15Helmut Grohne
2025-05-21choose flit as build backendHelmut Grohne
It's a pure Python module and flit seems to just work for those.
2025-05-21expand use of FileDescriptor and add FileDescriptorLike type aliasHelmut Grohne
When accepting file descriptors, non-int objects with a fileno method are now generally accepted. When returning a file descriptor, a FileDescriptor instance is now returned.
2025-05-20AtLocation.chdir: FileDescriptor already is a context managerHelmut Grohne
2025-05-20fix AtLocation.chdir for the mixed caseHelmut Grohne
When both fd and location are given, it would previously ignore the fd component. To properly implement that, we must open and fchdir.
2025-05-20syscalls.py: help old mypy in better understanding sigvalHelmut Grohne
2025-05-20syscalls.py: simplify MountFlags implementationHelmut Grohne
The "mustnegate" field was a bit strange and it was only ever set in the default value used for the lookup. Remove it and express its semantics in code instead.
2025-05-06FileDescriptor: add convenience wrapper for pidfd_openHelmut Grohne
2025-05-04implement signalfd(2) and sigqueue(2) system callsHelmut Grohne
2025-05-04examples/withallsubuids.py: expand comparison to unshare(1)Helmut Grohne
2025-05-02examples/unschroot.py: actually support using aliasesHelmut Grohne
Fixes: 426f547d5b54 ("examples/unschroot.py: support overlayfs-based directory chroots") Reported-by: Christoph Berg <myon@debian.org>
2025-05-01examples/unschroot.py: fix sbuild compatibilityHelmut Grohne
The parent commit regressed working with "chroot:" prefixed chroots. Directory chroots are required to emit a "Mount Location" to be considered valid by sbuild.
2025-05-01examples/unschroot.py: support overlayfs-based directory chrootsHelmut Grohne
Suggested-by: Christoph Berg <myon@debian.org>
2025-04-30systemd.dbussy: call StartTransientUnit asynchronouslyHelmut Grohne
Fixes: b0874c6086f1 ("lift the dbus functionality from the cgroup example") Fixes: bb83f3fe1bec ("add examples/cgroup.py: writeable cgroup hierarchy")
2025-04-29move the get_cgroup utility function into the libraryHelmut Grohne
2025-04-29README.md: suggest looking into examplesHelmut Grohne
2025-03-27examples/chroottar.py: expand matching of device filesHelmut Grohne
2025-03-22examples/chrootfuse.py: add support for erofsHelmut Grohne
2024-11-16systemd: improve dbus type guessingHelmut Grohne
The PIDs property receives integers. Since the guessing code did not handle integers, it would fail immediately.
2024-11-12add chhostname.py exampleHelmut Grohne
2024-10-26add a method IDMapping.identity for convenienceHelmut Grohne
2024-10-26fix license in pyproject classifiersHelmut Grohne
Confirm that the SPDX annotation in several files is correct rather than the pyproject classification. The SPDX headers were there right from the start. Fixes: 9f7a434600f4 ("add some metadata to a first pyproject.toml")
2024-06-22unschroot: allow device accessHelmut Grohne
2024-06-22populate_sys: allow device accessHelmut Grohne
The systemd test suite does not like having no access to /sys/dev and other trees related to devices. Optionally provide them. Properly virtualizing them likely requires lxcfs or similar.
2024-06-22populate_sys: refactorHelmut Grohne
We now compute the actual bind mounts first and deduce the directories in need of creation from that. This makes populate_sys easier to extend.
2024-06-22unschroot: only provide /dev/net/tun when the network namespace is unsharedHelmut Grohne
2024-06-22populate_dev: fix /dev/net/tunHelmut Grohne
Fixes: 8b98dc846e7b ("populate_dev: remove assumption that newdev does not shadow origdev")
2024-06-22unschroot: create an /etc/hosts unless it existsHelmut Grohne
Software has a reasonable assumption that localhost as well as the current hostname resolves to an IP address. Without an /etc/hosts file, this is not the case and makes some builds such as src:ovn fail.
2024-06-22unschroot: add argument --isolate-networkHelmut Grohne
This is where unschroot becomes incompatible with schroot as schroot does not have this option. The idea is that unschroot becomes feature-compatible with sbuild --chroot-mode=unshare and that requires supporting network isolation. To make use of this, sbuild needs to be extended to pass this flag when it sees a "Type unshare" chroot that is not normally exposed from regular schroot.
2024-06-22add function enable_loopback_ifHelmut Grohne
It can be used in a new network namespace to enable the loopback network interface and thus provide easy network isolation.
2024-06-21unschroot: enable opening /dev/stdoutHelmut Grohne
When stdout is an (unnamed) pipe, it usually has permission 0o644. Since we change uids, /dev/stdout cannot be opened unless we chmod it first. This causes some packages such as supervisor to fail to build.
2024-06-16populate_dev: also provide /dev/shmHelmut Grohne
This is needed e.g. for Python's multiprocessing.SemLock.
2024-06-16examples/userchroot.py: correctly bind mount proc and sysHelmut Grohne
Fixes: be42cb03f861 ("add userchroot.py example")
2024-06-16populate_dev: install /dev/fdHelmut Grohne
This symlink turns out to be important for execveat. Its NOTES section details that /dev/fd needs to work in order for execveat to work. We better provide this symlink.
2024-06-11fix formatting and spelling errorsHelmut Grohne
No functional changes.
2024-06-11improve typingHelmut Grohne
linuxnamespaces/__init__.py: * linuxnamespaces.filedescriptor only exports FileDescriptor. By importing *, we re-export it implicitly. linuxnamespaces/atlocation.py: * PathLike should be parameterized and we no longer allow bytes there. linuxnamespaces/tarutils.py: * Resolve dict vs Mapping. tests/test_simple.py: * Establish expected type to mypy. examples/unschroot.py: * pidfd is first an int and later a FileDescriptor, but we always use it as int. * Also tell mypy that we cannot get NULL from waitid.
2024-06-11unschroot: add a pid 1 that reaps zombiesHelmut Grohne
While sbuild --chroot-mode=unshare opted for installing dumb-init, we'll keep the environment minimal and have a dumb-init written in perl-base, which happens to be essential still. Unfortunately, we cannot wait for our target process from our main process as the target process is a child of our perl init. Therefore our perl init must forward the exit code.
generated by cgit v1.2.3 (git 2.39.1) at 2025-06-17 17:33:46 +0000