From ccc087a1fe4447ed44d32d1a4ae61f4cf266c5a6 Mon Sep 17 00:00:00 2001
From: Helmut Grohne
Date: Thu, 4 Apr 2024 11:03:12 +0200
Subject: add an example for unsharing a PID namespace
---
examples/pidns.py | 39 +++++++++++++++++++++++++++++++++++++++
1 file changed, 39 insertions(+)
create mode 100755 examples/pidns.py
(limited to 'examples/pidns.py')
diff --git a/examples/pidns.py b/examples/pidns.py
new file mode 100755
index 0000000..d926d87
--- /dev/null
+++ b/examples/pidns.py
@@ -0,0 +1,39 @@
+#!/usr/bin/python3
+# Copyright 2024 Helmut Grohne
+# SPDX-License-Identifier: GPL-3
+
+"""Create a pid namespace and provide a matching /proc view. As a consequence,
+user and mount namespaces will be unshared as well.
+
+This is similar to unshare --user --pid --mount-proc.
+"""
+
+import os
+import signal
+import sys
+
+if __file__.split("/")[-2:-1] == ["examples"]:
+ sys.path.insert(0, "/".join(__file__.split("/")[:-2]))
+
+import linuxnamespaces
+
+
+def main() -> None:
+ namespaces = (
+ linuxnamespaces.CloneFlags.NEWUSER
+ | linuxnamespaces.CloneFlags.NEWNS
+ | linuxnamespaces.CloneFlags.NEWPID
+ )
+ linuxnamespaces.unshare_user_idmap_nohelper(0, 0, namespaces)
+ pid = os.fork()
+ if pid == 0:
+ linuxnamespaces.prctl_set_pdeathsig(signal.SIGTERM)
+ linuxnamespaces.populate_proc("/", "/", namespaces)
+ os.execlp(os.environ["SHELL"], os.environ["SHELL"])
+ else:
+ _, status = os.waitpid(pid, 0)
+ sys.exit(os.waitstatus_to_exitcode(status))
+
+
+if __name__ == "__main__":
+ main()
-- cgit v1.2.3
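Review bot: In the child branch of `main()`, `os.environ["SHELL"]` raises KeyError when SHELL is unset, and any exception raised there (including a failed `os.execlp`) unwinds the forked child through normal interpreter shutdown instead of `os._exit`, so the example fails least gracefully exactly where it runs with the fewest safeguards; `shell = os.environ.get("SHELL", "/bin/sh")` plus an `except BaseException: os._exit(127)` around the child branch would make that failure mode explicit. The `prctl_set_pdeathsig(signal.SIGTERM)` line probably does less than intended: the child is PID 1 of the new PID namespace, and the kernel discards signals other than SIGKILL/SIGSTOP sent to such an init unless it has installed a handler, while an interactive bash ignores SIGTERM anyway, so SIGKILL would more reliably tear down the whole namespace when the parent disappears — worth confirming on the target kernel and documenting in the docstring either way. In the parent, `os.waitstatus_to_exitcode` returns a negative signal number when the shell dies from a signal, and `sys.exit` of a negative value yields an exit status of 256 minus that number; if the example is meant to mirror `unshare`, `128 + -code` is the shell convention.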