summaryrefslogtreecommitdiff
path: root/linuxnamespaces
AgeCommit message (Collapse)Author
2024-05-20syscalls: use >= 3.10 support for eventfds in os moduleHelmut Grohne
2024-05-17add a splice syscall wrapperHelmut Grohne
2024-05-17add prctl_set_child_subreaperHelmut Grohne
2024-05-17populate_dev: also create std{in,out,err} symlinksHelmut Grohne
When booting systemd, it'll create these symlinks, but when doing an application container, nothing does this and we risk creating regular files there.
2024-05-09add linuxnamespaces.tarinfo.XAttrTarFileHelmut Grohne
This is a mixin subclass for TarFile that enables it to restore and apply linux extended attributes as PAX headers in the SCHILY.xattr.* format. As a consequence, this enables us to process tar archives containing file system capabilities.
2024-05-09add linuxnamespaces.tarutilsHelmut Grohne
Move the generic tar utilities from the chroottar.py example into a linuxnamespaces module as dealing with tar archives is a fairly common thing when dealing with namespaces.
2024-05-07mount: allow data argument to be a listHelmut Grohne
2024-05-06syscalls: allow logging of syscallsHelmut Grohne
2024-04-23lift the dbus functionality from the cgroup exampleHelmut Grohne
2024-04-04avoid hard coding the soname of the libcHelmut Grohne
Passing None as name also yields libc functions.
2024-04-04add method AtLocation.as_emptypath for cloning a locationHelmut Grohne
2024-04-04add syscall wrapper for prctl(PR_SET_PDEATHSIG, ...)Helmut Grohne
2024-04-04add function populate_procHelmut Grohne
2024-04-04document security implications of populate_* functionsHelmut Grohne
2024-04-03AtLocation.walk: add support for AT_EMPTY_PATHHelmut Grohne
2024-04-03AtLocation.walk: emit nofllow flag when follow_symlinks=FalseHelmut Grohne
2024-04-03AtLocation.readlink: require AT_SYMLINK_NOFOLLOWHelmut Grohne
It does not make sense to read a link after having followed it.
2024-04-02improve AtLocation.join semanticsHelmut Grohne
Also allow joining an AtLocation. When doing that note that any kind of absolute location object (absolute path without fd and any location with an fd) results in just that latter location just like os.path.join returns the latter path when it is absolute. Fixes: 034f732a1af4 ("initial checkin")
2024-04-02a few formatting and typo fixesHelmut Grohne
2024-04-02add documentation regarding resource management of AtLocationsHelmut Grohne
2024-04-02fix logic error in AtLocation.statHelmut Grohne
Fixes: 1c265b6e11c3 ("add os.stat wrapper AtLocation.stat")
2024-03-24AtLocation.mkdir: support optional arguments from pathlibHelmut Grohne
2024-03-22add convenience functions for stat to AtLocationLikeHelmut Grohne
These are the is_* family and exists all from pathlib.Path.
2024-03-22add os.stat wrapper AtLocation.statHelmut Grohne
2024-03-16add an asyncio variant of run_in_forkHelmut Grohne
2024-03-14rename AtLocation.symlink to symlink_toHelmut Grohne
This mirrors what was done for pathlib.Path to avoid confusion about argument order.
2024-03-12work around mypy misdetection on bookwormHelmut Grohne
2024-03-11add method AtLocation.is_absoluteHelmut Grohne
This is similar to pathlib.Path.is_absolute.
2024-03-07add AtLocation.rename method wrapping os.renameHelmut Grohne
2024-03-07add AtLocation.link method wrapping os.linkHelmut Grohne
2024-03-03add function for prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_RAISE, ...)Helmut Grohne
2024-03-03implement repr for AtLocationHelmut Grohne
2024-03-02fix typosJakub Wilk
2024-03-01add rudimentary prctl syscall wrapperHelmut Grohne
2024-03-01fix read-only bind_mountHelmut Grohne
As we learn from util-linux, MS_RDONLY is ignored on MS_BIND. Rather than remount, just use the new mount API as it doesn't suffer this limitation.
2024-02-25spell checkHelmut Grohne
2024-02-24populate_dev: remove assumption that newdev does not shadow origdevHelmut Grohne
In particular, one can now pass newdev = origdev.
2024-02-23delete unused importsHelmut Grohne
2024-02-21fix logic error in populate_sysHelmut Grohne
Fixes: 1de72653e0b9 ("add function linuxnamespaces.populate_sys")
2024-02-21improve error handling in linuxnamespaces.populate_devHelmut Grohne
2024-02-21add function linuxnamespaces.populate_sysHelmut Grohne
2024-02-21revoke the false promise that bytes would be convertible to PathHelmut Grohne
pathlib.Path(somebytes) fails. Hence bytes is not actually convertible and should not be included in PathConvertible. Then, we can simplify matters in quite a few places by knowing that the thing we work with is not bytes.
2024-02-16add an async read method to EventFDHelmut Grohne
Adding an async write does not work for values larger than 1, because the fd becomes writable once a value of 1 can be written, but a larger value might still cause EAGAIN putting us into a busy loop. Hitting the limit with writing ones is implausible, so async code can just use the synchronous write method.
2024-02-15MountFlags: support conversion to and from a textual representationHelmut Grohne
The textual representation matches util-linux. Not all flag values can be represented textually.
2024-01-25linuxnamespaces.run_in_fork: use os._exit instead of sys.exitHelmut Grohne
When using sys.exit, we actually raise a SystemExit exception and as a consequence exit all context managers. If a particular context manager pertains only the process at hand, we don't really care, because our process is supposed to vanish. If a context manager changes external state such as tempfile.NamedTemporaryFile, this is very bad and unexpected. We need to ensure that such cleanup is not performed. This also simplifies the test suite that had to emulate this behaviour already as pytest uses a context manager.
2024-01-22provide default for IDAllocation.allocation map arg targetHelmut Grohne
Most frequently, the root user is allocated.
2024-01-19add convenience function unshare_user_idmap_nohelperHelmut Grohne
2024-01-18initial checkinHelmut Grohne
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-10 04:08:36 +0000