| Age | Commit message (Collapse) | Author |
|---|
|
The systemd test suite does not like having no access to /sys/dev and
other trees related to devices. Optionally provide them. Properly
virtualizing them likely requires lxcfs or similar.
|
|
We now compute the actual bind mounts first and deduce the directories
in need of creation from that. This makes populate_sys easier to extend.
|
|
Fixes: 8b98dc846e7b ("populate_dev: remove assumption that newdev does not shadow origdev")
|
|
It can be used in a new network namespace to enable the loopback network
interface and thus provide easy network isolation.
|
|
This is needed e.g. for Python's multiprocessing.SemLock.
|
|
This symlink turns out to be important for execveat. Its NOTES section
details that /dev/fd needs to work in order for execveat to work. We
better provide this symlink.
|
|
No functional changes.
|
|
linuxnamespaces/__init__.py:
* linuxnamespaces.filedescriptor only exports FileDescriptor. By
importing *, we re-export it implicitly.
linuxnamespaces/atlocation.py:
* PathLike should be parameterized and we no longer allow bytes there.
linuxnamespaces/tarutils.py:
* Resolve dict vs Mapping.
tests/test_simple.py:
* Establish expected type to mypy.
examples/unschroot.py:
* pidfd is first an int and later a FileDescriptor, but we always use
it as int.
* Also tell mypy that we cannot get NULL from waitid.
|
|
|
|
Allow reserving a particular range instead of allocating a suitable
large range of an IDAllocation. This is useful when a directory
hierarchy defines the allocation and we merely want to verify it to be
assigned.
|
|
It serves two main purposes. For one thing, it allows telling bare
integers and file descriptors apart on a typing level similar to a
NewType. For another it adds common methods to a file descriptor and
enables closing it via a context manager.
|
|
|
|
It is a bit like an async version of shutil.copyfileobj but for bare
file descriptors and has an optimized version for pipes.
|
|
When booting systemd, it'll create these symlinks, but when doing an
application container, nothing does this and we risk creating regular
files there.
|
|
|
|
|
|
|
|
|
|
This mirrors what was done for pathlib.Path to avoid confusion about
argument order.
|
|
As we learn from util-linux, MS_RDONLY is ignored on MS_BIND. Rather
than remount, just use the new mount API as it doesn't suffer this
limitation.
|
|
|
|
In particular, one can now pass newdev = origdev.
|
|
|
|
Fixes: 1de72653e0b9 ("add function linuxnamespaces.populate_sys")
|
|
|
|
|
|
pathlib.Path(somebytes) fails. Hence bytes is not actually convertible
and should not be included in PathConvertible. Then, we can simplify
matters in quite a few places by knowing that the thing we work with is
not bytes.
|
|
When using sys.exit, we actually raise a SystemExit exception and as a
consequence exit all context managers. If a particular context manager
pertains only the process at hand, we don't really care, because our
process is supposed to vanish. If a context manager changes external
state such as tempfile.NamedTemporaryFile, this is very bad and
unexpected. We need to ensure that such cleanup is not performed.
This also simplifies the test suite that had to emulate this behaviour
already as pytest uses a context manager.
|
|
Most frequently, the root user is allocated.
|
|
|
|
|
