Age | Commit message | Author |
|
It provides part of the functionality of MountFlags.tostr.
|
This allows opening /proc as an O_PATH descriptor, then locking a
process up and then still writing idmaps by accessing the now
inaccessible /proc via the retained file descriptor.
|
They bring similarity to their pathlib.Path counterparts.
|
Fixes: 30a111639ce6 ("expand use of FileDescriptor and add FileDescriptorLike type alias")
|
Fixes: 30a111639ce6 ("expand use of FileDescriptor and add FileDescriptorLike type alias")
|
When accepting file descriptors, non-int objects with a fileno method
are now generally accepted. When returning a file descriptor, a
FileDescriptor instance is now returned.
|
When both fd and location are given, it would previously ignore the fd
component. To properly implement that, we must open and fchdir.
|
The "mustnegate" field was a bit strange and it was only ever set in the
default value used for the lookup. Remove it and express its semantics
in code instead.
|
Fixes: b0874c6086f1 ("lift the dbus functionality from the cgroup example")
Fixes: bb83f3fe1bec ("add examples/cgroup.py: writeable cgroup hierarchy")
|
The PIDs property receives integers. Since the guessing code did not
handle integers, it would fail immediately.
|
The systemd test suite does not like having no access to /sys/dev and
other trees related to devices. Optionally provide them. Properly
virtualizing them likely requires lxcfs or similar.
|
We now compute the actual bind mounts first and deduce the directories
in need of creation from that. This makes populate_sys easier to extend.
|
Fixes: 8b98dc846e7b ("populate_dev: remove assumption that newdev does not shadow origdev")
|
It can be used in a new network namespace to enable the loopback network
interface and thus provide easy network isolation.
|
This is needed e.g. for Python's multiprocessing.SemLock.
|
This symlink turns out to be important for execveat. Its NOTES section
details that /dev/fd needs to work in order for execveat to work. We
better provide this symlink.
|
No functional changes.
|
linuxnamespaces/__init__.py:
* linuxnamespaces.filedescriptor only exports FileDescriptor. By
importing *, we re-export it implicitly.
linuxnamespaces/atlocation.py:
* PathLike should be parameterized and we no longer allow bytes there.
linuxnamespaces/tarutils.py:
* Resolve dict vs Mapping.
tests/test_simple.py:
* Establish expected type to mypy.
examples/unschroot.py:
* pidfd is first an int and later a FileDescriptor, but we always use
it as int.
* Also tell mypy that we cannot get NULL from waitid.
|
Allow reserving a particular range instead of allocating a suitably
large range of an IDAllocation. This is useful when a directory
hierarchy defines the allocation and we merely want to verify it to be
assigned.
|
It serves two main purposes. For one thing, it allows telling bare
integers and file descriptors apart on a typing level similar to a
NewType. For another it adds common methods to a file descriptor and
enables closing it via a context manager.
|
It is a bit like an async version of shutil.copyfileobj but for bare
file descriptors and has an optimized version for pipes.
|
os.splice from Python >= 3.10 is good enough.
This reverts commit 056c1f964f55adedc17f8d7bddef1f48c73852c7.
|
When booting systemd, it'll create these symlinks, but when doing an
application container, nothing does this and we risk creating regular
files there.
|
This is a mixin subclass for TarFile that enables it to restore and
apply Linux extended attributes as PAX headers in the SCHILY.xattr.*
format. As a consequence, this enables us to process tar archives
containing file system capabilities.
|
Move the generic tar utilities from the chroottar.py example into a
linuxnamespaces module as dealing with tar archives is a fairly common
thing when dealing with namespaces.
|
Passing None as name also yields libc functions.