summaryrefslogtreecommitdiff
path: root/examples
AgeCommit message (Collapse)Author
2024-05-25examples/chrootfuse.py: fix file descriptor leakHelmut Grohne
Fixes: f01c7690de8e ("add example chrootfuse2fs.py")
2024-05-18examples/netnsslirp.py: simplify termination of slirp4netnsHelmut Grohne
2024-05-10Revert "examples/chroottar.py: harden against tars with high uids"Helmut Grohne
This reverts commit a169f51420795a212c3226f455e783ab8ac5cf47. We really deal with two user namespaces. The initial/parent process maps the target id range plus the current user id. The child process that executes the workload only maps the target id range without the current user id. The child opens the tar file while it still is in the initial namespace, then unshares and once it only has the subid range mapped, it performs the extraction. No clamping is necessary at this point. The parent process maps additionally maps the current id in order to write the tar file.
2024-05-09add linuxnamespaces.tarinfo.XAttrTarFileHelmut Grohne
This is a mixin subclass for TarFile that enables it to restore and apply linux extended attributes as PAX headers in the SCHILY.xattr.* format. As a consequence, this enables us to process tar archives containing file system capabilities.
2024-05-09add linuxnamespaces.tarutilsHelmut Grohne
Move the generic tar utilities from the chroottar.py example into a linuxnamespaces module as dealing with tar archives is a fairly common thing when dealing with namespaces.
2024-05-07mount: allow data argument to be a listHelmut Grohne
2024-05-06chroottar.py: don't raise NotImplementedError for misuseHelmut Grohne
The mode actually can only have these three distinct literals. While more complex modes can get passed to TarFile.open, they're decomposed there and only of these three is passed to the compressor openers.
2024-05-06chroottar.py: implement Tarfile.zstopen for fileobjHelmut Grohne
zstandard.open actually consumes file objects. Hence there is little benefit in not implementing the passing of a fileobj even though we don't use it here.
2024-05-06examples/cgroup.py: use the assigned cgroupHelmut Grohne
Fixes: b0874c6086f1 ("lift the dbus functionality from the cgroup example")
2024-04-23lift the dbus functionality from the cgroup exampleHelmut Grohne
2024-04-19examples/cgroup.py: support jeepney as an alternative to ravelHelmut Grohne
2024-04-19examples/cgroup.py: use asyncio.runHelmut Grohne
2024-04-19examples/cgroup.py: do not fail when ravel is unavailableHelmut Grohne
2024-04-18examples/cgroup.py: we should pass Delegate=trueHelmut Grohne
2024-04-18examples/cgroup.py: extract a context manager waiting for systemd jobsHelmut Grohne
2024-04-04add an example for unsharing a PID namespaceHelmut Grohne
2024-03-03add function for prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_RAISE, ...)Helmut Grohne
2024-03-02fix typosJakub Wilk
2024-03-02examples/chroottar.py: make pylint happierHelmut Grohne
2024-03-01add rudimentary prctl syscall wrapperHelmut Grohne
2024-02-25spell checkHelmut Grohne
2024-02-21examples/chrootfuse2fs.py: generalize to allow squashfsHelmut Grohne
2024-02-21examples/cgroup.py: drive ravel using asyncioHelmut Grohne
2024-02-21add function linuxnamespaces.populate_sysHelmut Grohne
2024-02-15MountFlags: support conversion to and from a textual representationHelmut Grohne
The textual representation matches util-linux. Not all flag values can be represented textually.
2024-02-02examples/userchroot.py: delete unused functionHelmut Grohne
2024-02-01add examples/cgroup.py: writeable cgroup hierarchyHelmut Grohne
2024-01-31examples/chroottar.py: add explanations for non-trivial aspectsHelmut Grohne
2024-01-31examples/chroottar.py: harden against tars with high uidsHelmut Grohne
2024-01-31examples/chroottar.py: improve typing precisionHelmut Grohne
2024-01-27examples/chroottar.py: support saving a tar after working insideHelmut Grohne
2024-01-27examples/chroottar.py: allow opening non-zstd tarsHelmut Grohne
When decompression fails, we should raise a tarfile.ReadError rather than a zstandard.ZstdError. Otherwise, tarfile gives up guessing.
2024-01-26improve examples/chroottar.pyHelmut Grohne
* Drop supplementary groups. Very likely, those are not mapped inside and they cannot cause much good. * Sane permission for the root directory. Otherwise no non-root user can access any files.
2024-01-26add examples/fakeroot.pyHelmut Grohne
2024-01-25examples/chroottar.py: work when TMPDIR is privateHelmut Grohne
When TMPDIR has restrictive permissions, the namespace may be unable to access the leading components. Thus we put the supervisor process handling the cleanup into a different namespace that has all the ids plus the current uid mapped. It'll then be able to perform the cleanup (and the initial chown).
2024-01-25new example chroottar.pyHelmut Grohne
2024-01-25fix examples/chrootfuse2fs.pyHelmut Grohne
* Add execute bit * Consume first positional argument
2024-01-22add example chrootfuse2fs.pyHelmut Grohne
2024-01-22provide default for IDAllocation.allocation map arg targetHelmut Grohne
Most frequently, the root user is allocated.
2024-01-19add example for a network namespace with slirp4netnsHelmut Grohne
2024-01-18add userchroot.py exampleHelmut Grohne
2024-01-18add withallsubuids.py exampleHelmut Grohne