Age | Commit message (Collapse) | Author | |
---|---|---|---|
2024-02-01 | add examples/cgroup.py: writeable cgroup hierarchy | Helmut Grohne | |
2024-01-31 | examples/chroottar.py: add explanations for non-trivial aspects | Helmut Grohne | |
2024-01-31 | examples/chroottar.py: harden against tars with high uids | Helmut Grohne | |
2024-01-31 | examples/chroottar.py: improve typing precision | Helmut Grohne | |
2024-01-27 | pyproject.toml: document optional dependency zstandard | Helmut Grohne | |
2024-01-27 | examples/chroottar.py: support saving a tar after working inside | Helmut Grohne | |
2024-01-27 | examples/chroottar.py: allow opening non-zstd tars | Helmut Grohne | |
When decompression fails, we should raise a tarfile.ReadError rather than a zstandard.ZstdError. Otherwise, tarfile gives up guessing. | |||
2024-01-26 | add some metadata to a first pyproject.toml | Helmut Grohne | |
2024-01-26 | improve examples/chroottar.py | Helmut Grohne | |
* Drop supplementary groups. Very likely, those are not mapped inside and they cannot cause much good. * Sane permission for the root directory. Otherwise no non-root user can access any files. | |||
2024-01-26 | add examples/fakeroot.py | Helmut Grohne | |
2024-01-25 | examples/chroottar.py: work when TMPDIR is private | Helmut Grohne | |
When TMPDIR has restrictive permissions, the namespace may be unable to access the leading components. Thus we put the supervisor process handling the cleanup into a different namespace that has all the ids plus the current uid mapped. It'll then be able to perform the cleanup (and the initial chown). | |||
2024-01-25 | new example chroottar.py | Helmut Grohne | |
2024-01-25 | fix examples/chrootfuse2fs.py | Helmut Grohne | |
* Add execute bit * Consume first positional argument | |||
2024-01-25 | linuxnamespaces.run_in_fork: use os._exit instead of sys.exit | Helmut Grohne | |
When using sys.exit, we actually raise a SystemExit exception and as a consequence exit all context managers. If a particular context manager pertains only the process at hand, we don't really care, because our process is supposed to vanish. If a context manager changes external state such as tempfile.NamedTemporaryFile, this is very bad and unexpected. We need to ensure that such cleanup is not performed. This also simplifies the test suite that had to emulate this behaviour already as pytest uses a context manager. | |||
2024-01-22 | add example chrootfuse2fs.py | Helmut Grohne | |
2024-01-22 | provide default for IDAllocation.allocation map arg target | Helmut Grohne | |
Most frequently, the root user is allocated. | |||
2024-01-19 | add example for a network namespace with slirp4netns | Helmut Grohne | |
2024-01-19 | add convenience function unshare_user_idmap_nohelper | Helmut Grohne | |
2024-01-18 | add userchroot.py example | Helmut Grohne | |
2024-01-18 | add withallsubuids.py example | Helmut Grohne | |
2024-01-18 | initial checkin | Helmut Grohne | |