| Age | Commit message (Collapse) | Author |
|---|
|
While sbuild --chroot-mode=unshare opted for installing dumb-init, we'll
keep the environment minimal and have a dumb-init written in perl-base,
which happens to be essential still. Unfortunately, we cannot wait for
our target process from our main process as the target process is a
child of our perl init. Therefore our perl init must forward the exit
code.
|
|
Before this change, it could happen that we'd call
prctl_set_child_subreaper before our parent actually died. Thus we'd
quickly get the death signal. The additional synchronization point
ensures that our previous parent process has been waited for (and thus
we are reparented) before installing the death signal.
|
|
Any existing type would be an invalid promise. While sbuild parses the
type, it also currently throws its value away and does not base any
decisions on it. With the new value, it could recognize unschroot and
opt into new features.
|
|
* Tag sessions as "Session Purged". This causes sbuild to skip
uninstalling build-depends and other cleanup.
* Always emit "Aliases" even when empty as we get a warning from sbuild
otherwise.
|
|
Fixes: a1cc59818088 ("add example "unschroot.py"")
|
|
While this mostly provides the schroot API and adds its own semantics
around ~/.cache/unschroot, please do not consider examples a stable
interface but a room for experimentation and incompatible changes.
|
|
Two tests were failing pytest --cov, because they would sandbox
themselves in a way that writing the coverage db would be impossible.
Change them such that they retain access to the coverage database.
|
|
|
|
Allow reserving a particular range instead of allocating a suitable
large range of an IDAllocation. This is useful when a directory
hierarchy defines the allocation and we merely want to verify it to be
assigned.
|
|
Fixes: f01c7690de8e ("add example chrootfuse2fs.py")
|
|
It serves two main purposes. For one thing, it allows telling bare
integers and file descriptors apart on a typing level similar to a
NewType. For another it adds common methods to a file descriptor and
enables closing it via a context manager.
|
|
|
|
|
|
It is a bit like an async version of shutil.copyfileobj but for bare
file descriptors and has an optimized version for pipes.
|
|
os.splice from Python >= 3.10 is good enough.
This reverts commit 056c1f964f55adedc17f8d7bddef1f48c73852c7.
|
|
|
|
|
|
|
|
|
|
When booting systemd, it'll create these symlinks, but when doing an
application container, nothing does this and we risk creating regular
files there.
|
|
This reverts commit a169f51420795a212c3226f455e783ab8ac5cf47.
We really deal with two user namespaces. The initial/parent process maps
the target id range plus the current user id. The child process that
executes the workload only maps the target id range without the current
user id. The child opens the tar file while it still is in the initial
namespace, then unshares and once it only has the subid range mapped, it
performs the extraction. No clamping is necessary at this point. The
parent process maps additionally maps the current id in order to write
the tar file.
|
|
This is a mixin subclass for TarFile that enables it to restore and
apply linux extended attributes as PAX headers in the SCHILY.xattr.*
format. As a consequence, this enables us to process tar archives
containing file system capabilities.
|
|
Move the generic tar utilities from the chroottar.py example into a
linuxnamespaces module as dealing with tar archives is a fairly common
thing when dealing with namespaces.
|
|
|
|
The mode actually can only have these three distinct literals. While
more complex modes can get passed to TarFile.open, they're decomposed
there and only of these three is passed to the compressor openers.
|
|
|
|
zstandard.open actually consumes file objects. Hence there is little
benefit in not implementing the passing of a fileobj even though we
don't use it here.
|
|
Fixes: b0874c6086f1 ("lift the dbus functionality from the cgroup example")
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Passing None as name also yields libc functions.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
mypy wants type annotations for every def. As we only call another
function, we may pass it to the decorator directly and shut up mypy.
|
|
|
|
|
|
|
|
It does not make sense to read a link after having followed it.
|
|
Also allow joining an AtLocation. When doing that note that any kind of
absolute location object (absolute path without fd and any location with
an fd) results in just that latter location just like os.path.join
returns the latter path when it is absolute.
Fixes: 034f732a1af4 ("initial checkin")
|
|
|
|
|
|
Fixes: 1c265b6e11c3 ("add os.stat wrapper AtLocation.stat")
|
