| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2024-05-25 | examples/chrootfuse.py: fix file descriptor leak | Helmut Grohne | |
| Fixes: f01c7690de8e ("add example chrootfuse2fs.py") | |||
| 2024-05-18 | examples/netnsslirp.py: simplify termination of slirp4netns | Helmut Grohne | |
| 2024-05-10 | Revert "examples/chroottar.py: harden against tars with high uids" | Helmut Grohne | |
| This reverts commit a169f51420795a212c3226f455e783ab8ac5cf47. We really deal with two user namespaces. The initial/parent process maps the target id range plus the current user id. The child process that executes the workload only maps the target id range without the current user id. The child opens the tar file while it still is in the initial namespace, then unshares and once it only has the subid range mapped, it performs the extraction. No clamping is necessary at this point. The parent process maps additionally maps the current id in order to write the tar file. | |||
| 2024-05-09 | add linuxnamespaces.tarinfo.XAttrTarFile | Helmut Grohne | |
| This is a mixin subclass for TarFile that enables it to restore and apply linux extended attributes as PAX headers in the SCHILY.xattr.* format. As a consequence, this enables us to process tar archives containing file system capabilities. | |||
| 2024-05-09 | add linuxnamespaces.tarutils | Helmut Grohne | |
| Move the generic tar utilities from the chroottar.py example into a linuxnamespaces module as dealing with tar archives is a fairly common thing when dealing with namespaces. | |||
| 2024-05-07 | mount: allow data argument to be a list | Helmut Grohne | |
| 2024-05-06 | chroottar.py: don't raise NotImplementedError for misuse | Helmut Grohne | |
| The mode actually can only have these three distinct literals. While more complex modes can get passed to TarFile.open, they're decomposed there and only of these three is passed to the compressor openers. | |||
| 2024-05-06 | chroottar.py: implement Tarfile.zstopen for fileobj | Helmut Grohne | |
| zstandard.open actually consumes file objects. Hence there is little benefit in not implementing the passing of a fileobj even though we don't use it here. | |||
| 2024-05-06 | examples/cgroup.py: use the assigned cgroup | Helmut Grohne | |
| Fixes: b0874c6086f1 ("lift the dbus functionality from the cgroup example") | |||
| 2024-04-23 | lift the dbus functionality from the cgroup example | Helmut Grohne | |
| 2024-04-19 | examples/cgroup.py: support jeepney as an alternative to ravel | Helmut Grohne | |
| 2024-04-19 | examples/cgroup.py: use asyncio.run | Helmut Grohne | |
| 2024-04-19 | examples/cgroup.py: do not fail when ravel is unavailable | Helmut Grohne | |
| 2024-04-18 | examples/cgroup.py: we should pass Delegate=true | Helmut Grohne | |
| 2024-04-18 | examples/cgroup.py: extract a context manager waiting for systemd jobs | Helmut Grohne | |
| 2024-04-04 | add an example for unsharing a PID namespace | Helmut Grohne | |
| 2024-03-03 | add function for prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_RAISE, ...) | Helmut Grohne | |
| 2024-03-02 | fix typos | Jakub Wilk | |
| 2024-03-02 | examples/chroottar.py: make pylint happier | Helmut Grohne | |
| 2024-03-01 | add rudimentary prctl syscall wrapper | Helmut Grohne | |
| 2024-02-25 | spell check | Helmut Grohne | |
| 2024-02-21 | examples/chrootfuse2fs.py: generalize to allow squashfs | Helmut Grohne | |
| 2024-02-21 | examples/cgroup.py: drive ravel using asyncio | Helmut Grohne | |
| 2024-02-21 | add function linuxnamespaces.populate_sys | Helmut Grohne | |
| 2024-02-15 | MountFlags: support conversion to and from a textual representation | Helmut Grohne | |
| The textual representation matches util-linux. Not all flag values can be represented textually. | |||
| 2024-02-02 | examples/userchroot.py: delete unused function | Helmut Grohne | |
| 2024-02-01 | add examples/cgroup.py: writeable cgroup hierarchy | Helmut Grohne | |
| 2024-01-31 | examples/chroottar.py: add explanations for non-trivial aspects | Helmut Grohne | |
| 2024-01-31 | examples/chroottar.py: harden against tars with high uids | Helmut Grohne | |
| 2024-01-31 | examples/chroottar.py: improve typing precision | Helmut Grohne | |
| 2024-01-27 | examples/chroottar.py: support saving a tar after working inside | Helmut Grohne | |
| 2024-01-27 | examples/chroottar.py: allow opening non-zstd tars | Helmut Grohne | |
| When decompression fails, we should raise a tarfile.ReadError rather than a zstandard.ZstdError. Otherwise, tarfile gives up guessing. | |||
| 2024-01-26 | improve examples/chroottar.py | Helmut Grohne | |
| * Drop supplementary groups. Very likely, those are not mapped inside and they cannot cause much good. * Sane permission for the root directory. Otherwise no non-root user can access any files. | |||
| 2024-01-26 | add examples/fakeroot.py | Helmut Grohne | |
| 2024-01-25 | examples/chroottar.py: work when TMPDIR is private | Helmut Grohne | |
| When TMPDIR has restrictive permissions, the namespace may be unable to access the leading components. Thus we put the supervisor process handling the cleanup into a different namespace that has all the ids plus the current uid mapped. It'll then be able to perform the cleanup (and the initial chown). | |||
| 2024-01-25 | new example chroottar.py | Helmut Grohne | |
| 2024-01-25 | fix examples/chrootfuse2fs.py | Helmut Grohne | |
| * Add execute bit * Consume first positional argument | |||
| 2024-01-22 | add example chrootfuse2fs.py | Helmut Grohne | |
| 2024-01-22 | provide default for IDAllocation.allocation map arg target | Helmut Grohne | |
| Most frequently, the root user is allocated. | |||
| 2024-01-19 | add example for a network namespace with slirp4netns | Helmut Grohne | |
| 2024-01-18 | add userchroot.py example | Helmut Grohne | |
| 2024-01-18 | add withallsubuids.py example | Helmut Grohne | |
 |
index : ~helmut/python-linuxnamespaces.git | |
| Python module for working with Linux namespaces | Helmut Grohne |
| summaryrefslogtreecommitdiff |