Age | Commit message | Author
2024-03-02 | examples/chroottar.py: make pylint happier | Helmut Grohne
2024-03-01 | add rudimentary prctl syscall wrapper | Helmut Grohne
2024-03-01 | fix read-only bind_mount | Helmut Grohne
  As we learn from util-linux, MS_RDONLY is ignored on MS_BIND. Rather than remount, just use the new mount API as it doesn't suffer this limitation.
2024-02-25 | spell check | Helmut Grohne
2024-02-24 | populate_dev: remove assumption that newdev does not shadow origdev | Helmut Grohne
  In particular, one can now pass newdev = origdev.
2024-02-23 | tests: consider that EventFD.aread might not return a future | Helmut Grohne
2024-02-23 | delete unused imports | Helmut Grohne
2024-02-21 | examples/chrootfuse2fs.py: generalize to allow squashfs | Helmut Grohne
2024-02-21 | pyproject.toml: minimum python version | Helmut Grohne
  We rely on PEP 585 and hence, 3.9 is a hard requirement.
2024-02-21 | examples/cgroup.py: drive ravel using asyncio | Helmut Grohne
2024-02-21 | fix logic error in populate_sys | Helmut Grohne
  Fixes: 1de72653e0b9 ("add function linuxnamespaces.populate_sys")
2024-02-21 | improve error handling in linuxnamespaces.populate_dev | Helmut Grohne
2024-02-21 | add function linuxnamespaces.populate_sys | Helmut Grohne
2024-02-21 | revoke the false promise that bytes would be convertible to Path | Helmut Grohne
  pathlib.Path(somebytes) fails. Hence bytes is not actually convertible and should not be included in PathConvertible. Then, we can simplify matters in quite a few places by knowing that the thing we work with is not bytes.
2024-02-16 | add an async read method to EventFD | Helmut Grohne
  Adding an async write does not work for values larger than 1, because the fd becomes writable once a value of 1 can be written, but a larger value might still cause EAGAIN, putting us into a busy loop. Hitting the limit with writing ones is implausible, so async code can just use the synchronous write method.
2024-02-15 | MountFlags: support conversion to and from a textual representation | Helmut Grohne
  The textual representation matches util-linux. Not all flag values can be represented textually.
2024-02-02 | examples/userchroot.py: delete unused function | Helmut Grohne
2024-02-01 | add examples/cgroup.py: writeable cgroup hierarchy | Helmut Grohne
2024-01-31 | examples/chroottar.py: add explanations for non-trivial aspects | Helmut Grohne
2024-01-31 | examples/chroottar.py: harden against tars with high uids | Helmut Grohne
2024-01-31 | examples/chroottar.py: improve typing precision | Helmut Grohne
2024-01-27 | pyproject.toml: document optional dependency zstandard | Helmut Grohne
2024-01-27 | examples/chroottar.py: support saving a tar after working inside | Helmut Grohne
2024-01-27 | examples/chroottar.py: allow opening non-zstd tars | Helmut Grohne
  When decompression fails, we should raise a tarfile.ReadError rather than a zstandard.ZstdError. Otherwise, tarfile gives up guessing.
2024-01-26 | add some metadata to a first pyproject.toml | Helmut Grohne
2024-01-26 | improve examples/chroottar.py | Helmut Grohne
  * Drop supplementary groups. Very likely, those are not mapped inside and they cannot cause much good.
  * Sane permission for the root directory. Otherwise no non-root user can access any files.
2024-01-26 | add examples/fakeroot.py | Helmut Grohne
2024-01-25 | examples/chroottar.py: work when TMPDIR is private | Helmut Grohne
  When TMPDIR has restrictive permissions, the namespace may be unable to access the leading components. Thus we put the supervisor process handling the cleanup into a different namespace that has all the ids plus the current uid mapped. It'll then be able to perform the cleanup (and the initial chown).
2024-01-25 | new example chroottar.py | Helmut Grohne
2024-01-25 | fix examples/chrootfuse2fs.py | Helmut Grohne
  * Add execute bit
  * Consume first positional argument
2024-01-25 | linuxnamespaces.run_in_fork: use os._exit instead of sys.exit | Helmut Grohne
  When using sys.exit, we actually raise a SystemExit exception and as a consequence exit all context managers. If a particular context manager pertains only to the process at hand, we don't really care, because our process is supposed to vanish. If a context manager changes external state such as tempfile.NamedTemporaryFile, this is very bad and unexpected. We need to ensure that such cleanup is not performed. This also simplifies the test suite that had to emulate this behaviour already as pytest uses a context manager.
2024-01-22 | add example chrootfuse2fs.py | Helmut Grohne
2024-01-22 | provide default for IDAllocation.allocation map arg target | Helmut Grohne
  Most frequently, the root user is allocated.
2024-01-19 | add example for a network namespace with slirp4netns | Helmut Grohne
2024-01-19 | add convenience function unshare_user_idmap_nohelper | Helmut Grohne
2024-01-18 | add userchroot.py example | Helmut Grohne
2024-01-18 | add withallsubuids.py example | Helmut Grohne
2024-01-18 | initial checkin | Helmut Grohne