From 928c4a94de0302634c66d8a559fc6ac26d21e5af Mon Sep 17 00:00:00 2001
From: Helmut Grohne
Date: Sat, 22 Jun 2024 22:56:53 +0200
Subject: populate_sys: allow device access

The systemd test suite does not like having no access to /sys/dev and other trees related to devices. Optionally provide them. Properly virtualizing them likely requires lxcfs or similar.
---
 examples/cgroup.py | 11 +++++++----
 examples/unschroot.py | 2 +-
 2 files changed, 8 insertions(+), 5 deletions(-)
(limited to 'examples')
diff --git a/examples/cgroup.py b/examples/cgroup.py
index 5fa5df6..219dc62 100755
--- a/examples/cgroup.py
+++ b/examples/cgroup.py
@@ -50,14 +50,17 @@ def main() -> None:
 linuxnamespaces.systemd.reexec_as_transient_unit(
 properties={"Delegate": True}
 )
+ namespaces = (
+ linuxnamespaces.CloneFlags.NEWUSER
+ | linuxnamespaces.CloneFlags.NEWNS
+ | linuxnamespaces.CloneFlags.NEWCGROUP
+ )
 linuxnamespaces.unshare_user_idmap(
 [linuxnamespaces.IDMapping(os.getuid(), os.getuid(), 1)],
 [linuxnamespaces.IDMapping(os.getgid(), os.getgid(), 1)],
- linuxnamespaces.CloneFlags.NEWUSER
- | linuxnamespaces.CloneFlags.NEWNS
- | linuxnamespaces.CloneFlags.NEWCGROUP,
+ namespaces,
 )
- linuxnamespaces.populate_sys("/", "/", mycgroup)
+ linuxnamespaces.populate_sys("/", "/", namespaces, mycgroup)
 os.execlp(os.environ["SHELL"], os.environ["SHELL"])


diff --git a/examples/unschroot.py b/examples/unschroot.py
index 59c0ce4..7ad0bed 100755
--- a/examples/unschroot.py
+++ b/examples/unschroot.py
@@ -243,7 +243,7 @@ def do_run_session(args: argparse.Namespace) -> None:
 os.setuid(0)
 linuxnamespaces.bind_mount(".", "/mnt", recursive=True)
 os.chdir("/mnt")
- linuxnamespaces.populate_sys("/", ".")
+ linuxnamespaces.populate_sys("/", ".", ns)
 linuxnamespaces.populate_proc("/", ".", ns)
 linuxnamespaces.populate_dev(
 "/", ".", tun=bool(ns & linuxnamespaces.CloneFlags.NEWNET)
-- cgit v1.2.3
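Review bot: The flags argument is inserted positionally ahead of `mycgroup` in `linuxnamespaces.populate_sys("/", "/", namespaces, mycgroup)`, so any caller still written like the removed `populate_sys("/", "/", mycgroup)` would now hand a cgroup path to the flags parameter. The definition is outside this view (the diff is limited to examples), so it is worth confirming that it rejects a non-flags value rather than silently misreading it. Neither this call nor `linuxnamespaces.populate_sys("/", ".", ns)` in examples/unschroot.py, which runs after `os.setuid(0)`, says what the flags decide. The commit message states that the device trees are not virtualized, so anything exposed is presumably the host's own /sys. I would add a comment at both call sites, for example `# namespace flags tell populate_sys what of the host /sys to expose; device trees are not virtualized`, and state there whether these examples leave device access off.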