Age | Commit message | Author | |
---|---|---|---|
2024-03-02 | examples/chroottar.py: make pylint happier | Helmut Grohne | |
2024-03-01 | add rudimentary prctl syscall wrapper | Helmut Grohne | |
2024-03-01 | fix read-only bind_mount | Helmut Grohne | |
As we learn from util-linux, MS_RDONLY is ignored on MS_BIND. Rather than remount, just use the new mount API as it doesn't suffer this limitation. | |||
2024-02-25 | spell check | Helmut Grohne | |
2024-02-24 | populate_dev: remove assumption that newdev does not shadow origdev | Helmut Grohne | |
In particular, one can now pass newdev = origdev. | |||
2024-02-23 | tests: consider that EventFD.aread might not return a future | Helmut Grohne | |
2024-02-23 | delete unused imports | Helmut Grohne | |
2024-02-21 | examples/chrootfuse2fs.py: generalize to allow squashfs | Helmut Grohne | |
2024-02-21 | pyproject.toml: minimum python version | Helmut Grohne | |
We rely on PEP 585 and hence, 3.9 is a hard requirement. | |||
2024-02-21 | examples/cgroup.py: drive ravel using asyncio | Helmut Grohne | |
2024-02-21 | fix logic error in populate_sys | Helmut Grohne | |
Fixes: 1de72653e0b9 ("add function linuxnamespaces.populate_sys") | |||
2024-02-21 | improve error handling in linuxnamespaces.populate_dev | Helmut Grohne | |
2024-02-21 | add function linuxnamespaces.populate_sys | Helmut Grohne | |
2024-02-21 | revoke the false promise that bytes would be convertible to Path | Helmut Grohne | |
pathlib.Path(somebytes) fails. Hence bytes is not actually convertible and should not be included in PathConvertible. Then, we can simplify matters in quite a few places by knowing that the thing we work with is not bytes. | |||
2024-02-16 | add an async read method to EventFD | Helmut Grohne | |
Adding an async write does not work for values larger than 1, because the fd becomes writable once a value of 1 can be written, but a larger value might still cause EAGAIN putting us into a busy loop. Hitting the limit with writing ones is implausible, so async code can just use the synchronous write method. | |||
2024-02-15 | MountFlags: support conversion to and from a textual representation | Helmut Grohne | |
The textual representation matches util-linux. Not all flag values can be represented textually. | |||
2024-02-02 | examples/userchroot.py: delete unused function | Helmut Grohne | |
2024-02-01 | add examples/cgroup.py: writeable cgroup hierarchy | Helmut Grohne | |
2024-01-31 | examples/chroottar.py: add explanations for non-trivial aspects | Helmut Grohne | |
2024-01-31 | examples/chroottar.py: harden against tars with high uids | Helmut Grohne | |
2024-01-31 | examples/chroottar.py: improve typing precision | Helmut Grohne | |
2024-01-27 | pyproject.toml: document optional dependency zstandard | Helmut Grohne | |
2024-01-27 | examples/chroottar.py: support saving a tar after working inside | Helmut Grohne | |
2024-01-27 | examples/chroottar.py: allow opening non-zstd tars | Helmut Grohne | |
When decompression fails, we should raise a tarfile.ReadError rather than a zstandard.ZstdError. Otherwise, tarfile gives up guessing. | |||
2024-01-26 | add some metadata to a first pyproject.toml | Helmut Grohne | |
2024-01-26 | improve examples/chroottar.py | Helmut Grohne | |
* Drop supplementary groups. Very likely, those are not mapped inside and they cannot cause much good. * Sane permission for the root directory. Otherwise no non-root user can access any files. | |||
2024-01-26 | add examples/fakeroot.py | Helmut Grohne | |
2024-01-25 | examples/chroottar.py: work when TMPDIR is private | Helmut Grohne | |
When TMPDIR has restrictive permissions, the namespace may be unable to access the leading components. Thus we put the supervisor process handling the cleanup into a different namespace that has all the ids plus the current uid mapped. It'll then be able to perform the cleanup (and the initial chown). | |||
2024-01-25 | new example chroottar.py | Helmut Grohne | |
2024-01-25 | fix examples/chrootfuse2fs.py | Helmut Grohne | |
* Add execute bit * Consume first positional argument | |||
2024-01-25 | linuxnamespaces.run_in_fork: use os._exit instead of sys.exit | Helmut Grohne | |
When using sys.exit, we actually raise a SystemExit exception and as a consequence exit all context managers. If a particular context manager pertains only to the process at hand, we don't really care, because our process is supposed to vanish. If a context manager changes external state such as tempfile.NamedTemporaryFile, this is very bad and unexpected. We need to ensure that such cleanup is not performed. This also simplifies the test suite that had to emulate this behaviour already as pytest uses a context manager. | |||
2024-01-22 | add example chrootfuse2fs.py | Helmut Grohne | |
2024-01-22 | provide default for IDAllocation.allocation map arg target | Helmut Grohne | |
Most frequently, the root user is allocated. | |||
2024-01-19 | add example for a network namespace with slirp4netns | Helmut Grohne | |
2024-01-19 | add convenience function unshare_user_idmap_nohelper | Helmut Grohne | |
2024-01-18 | add userchroot.py example | Helmut Grohne | |
2024-01-18 | add withallsubuids.py example | Helmut Grohne | |
2024-01-18 | initial checkin | Helmut Grohne | |