This repository has been archived by the owner on Jul 6, 2023. It is now read-only.

Works with Linux namespaces through glibc with pure python


Friz-zy/pyspaces


pyspaces

Works with Linux namespaces through glibc with pure python


discuss: reddit, habrahabr

Goals

There are so many beautiful tools like docker, rocket and vagga written in Go and Rust, but none in Python. I think that is because there is no easy way to work with Linux namespaces in Python:

  • you can use asylum - a project that looks dead, with a codebase not hosted on a mainstream hub like GitHub
  • or you can use the python-libvirt bindings with a big layer of abstraction
  • or just use the native glibc library with ctypes
  • otherwise subprocess.Popen -- your choice

I want to change this: I want to create native Python bindings to glibc with the interface of Python's multiprocessing.Process.

PS: you can look at python-nsenter too, it looks awesome.

PPS: new project from author of asylum - butter

Example

First simple example:

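import os
from pyspaces import Container


def execute(argv):
    # Replace the cloned child process with the requested program.
    os.execvp(argv[0], argv)

# Mount a fresh /proc inside the new namespaces so that ps lists only
# the processes of the container's own PID namespace.
cmd = "mount -t proc proc /proc; ps ax"
# uid_map '0 1000 1': UID 0 inside the container is UID 1000 outside,
# for a range of one ID.
# newpid, newuser and newns request new PID, user and mount namespaces.
c = Container(target=execute, args=(('bash', '-c', cmd),),
              uid_map='0 1000 1',
              newpid=True, newuser=True, newns=True
              )
c.start()
# c.pid is the child's PID as seen from the parent's PID namespace.
print("PID of child created by clone() is %ld\n" % c.pid)
c.join()
print("Child returned: pid %s, status %s" % (c.pid, c.exitcode))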

output:

PID of child created by clone() is 15978

PID TTY      STAT   TIME COMMAND
1   pts/19   S+     0:00 bash -c mount -t proc proc /proc; ps ax
3   pts/19   R+     0:00 ps ax

Child returned: pid 15978, status 0
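
The uid_map='0 1000 1' value above (and the CLI's --uid '0 1000 1') follows the kernel's uid_map line format: first ID inside the namespace, first ID outside it, number of IDs. As an added example that is not part of pyspaces, the code below parses such a map, resolves which host ID stands behind an in-namespace ID, and checks whether the map exposes host root or could be written by an unprivileged process; every class and function name in it is hypothetical.

```python
# Added illustration, not pyspaces code; every name below is hypothetical.
from typing import List, NamedTuple, Optional


class IdRange(NamedTuple):
    inside: int   # first ID as seen inside the user namespace
    outside: int  # first ID in the parent (host) namespace
    length: int   # number of consecutive IDs covered


def parse_id_map(text: str) -> List[IdRange]:
    """Parse uid_map/gid_map text, applying the kernel's basic sanity checks."""
    ranges: List[IdRange] = []
    for line in text.strip().splitlines():
        fields = line.split()
        if len(fields) != 3:
            raise ValueError("expected 'inside outside length': %r" % line)
        rng = IdRange(*(int(f) for f in fields))
        if rng.length <= 0 or min(rng.inside, rng.outside) < 0:
            raise ValueError("bad range: %r" % line)
        if max(rng.inside, rng.outside) + rng.length >= 2 ** 32:
            raise ValueError("range wraps the 32-bit ID space: %r" % line)
        for o in ranges:  # neither side may overlap an earlier line
            for a, b in ((rng.inside, o.inside), (rng.outside, o.outside)):
                if a < b + o.length and b < a + rng.length:
                    raise ValueError("overlapping ranges: %r" % line)
        ranges.append(rng)
    if not ranges:
        raise ValueError("empty map")
    return ranges


def to_host(ranges: List[IdRange], inside_id: int) -> Optional[int]:
    """Host ID behind an in-namespace ID, or None if that ID is unmapped."""
    for r in ranges:
        if r.inside <= inside_id < r.inside + r.length:
            return r.outside + (inside_id - r.inside)
    return None


def covers_host_root(ranges: List[IdRange]) -> bool:
    """True if some in-namespace ID is backed by host ID 0."""
    return any(r.outside == 0 for r in ranges)


def unprivileged_ok(ranges: List[IdRange], writer_euid: int) -> bool:
    """Without CAP_SETUID in the parent namespace a process may write only a
    single line that maps its own effective UID (user_namespaces(7))."""
    return [(r.outside, r.length) for r in ranges] == [(writer_euid, 1)]
```

For the map used on this page, to_host(parse_id_map('0 1000 1'), 0) returns 1000: root inside the container acts on the host with the rights of UID 1000, and no other in-namespace UID is mapped.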

CLI

space execute -v --pid --mnt --user --uid 1000 --gid 1000 bash -c 'mount -t proc proc /proc; ps ax'
space chroot --pid --uid '0 1000 1' ~/.local/share/lxc/ubuntu/rootfs/ /bin/ls /home/
space inject --net --mnt 19840 bash

Note: If the program you're trying to exec is dynamically linked and the dynamic linker is not present in /lib in the chroot environment, you will get the following error: "OSError: [Errno 2] No such file or directory". The new root directory needs every other file the dynamically linked program depends on, including shared libraries and any essential configuration/tables/etc. src

Security

Read this article please

Changelog

on github
digest

TODO

  • namespaces: clone & Container
  • CLI
  • Chroot
  • setns & inject
  • cgroups
  • SCM: apparmor & selinux
  • capabilities
  • mount
  • network
  • move CLI to separate package
  • addons
  • container list
  • support for lxc, vagga, rocket, docker, etc...
  • ...
  • one tool to rule them all!!1
