Project author: Friz-zy

Project description:
Works with Linux namespaces through glibc with pure python
Language: Python
Project URL: git://github.com/Friz-zy/pyspaces.git
Created: 2015-04-12T08:59:23Z
Project community: https://github.com/Friz-zy/pyspaces

License: Other



pyspaces

Works with Linux namespaces through glibc with pure python

discuss: reddit, habrahabr

Goals

There are so many beautiful tools like docker, rocket and vagga written in Go and Rust, but none in Python.
I think that is because there is no easy way to work with Linux namespaces in Python:

  • you can use asylum - a project that looks dead, with a codebase not hosted on a mainstream hub like GitHub
  • or you can use the python-libvirt bindings with a big layer of abstraction
  • or just use the native glibc library with ctypes
  • otherwise subprocess.Popen — your choice

I want to change this: I want to create native Python bindings to glibc with the interface of Python's multiprocessing.Process.

PS: you can look at python-nsenter too, it looks awesome.

PPS: a new project from the author of asylum: butter

Example

First simple example:

    import os
    from pyspaces import Container

    def execute(argv):
        # Replace the child process image with the requested command.
        os.execvp(argv[0], argv)

    # Mount a fresh /proc so that ps only sees the new PID namespace.
    cmd = "mount -t proc proc /proc; ps ax"
    # uid_map='0 1000 1': UID 0 inside the namespace is UID 1000 outside it.
    c = Container(target=execute, args=(('bash', '-c', cmd),),
                  uid_map='0 1000 1',
                  newpid=True, newuser=True, newns=True
                  )
    c.start()
    print("PID of child created by clone() is %ld\n" % c.pid)
    c.join()
    print("Child returned: pid %s, status %s" % (c.pid, c.exitcode))

output:

    PID of child created by clone() is 15978
      PID TTY      STAT   TIME COMMAND
        1 pts/19   S+     0:00 bash -c mount -t proc proc /proc; ps ax
        3 pts/19   R+     0:00 ps ax
    Child returned: pid 15978, status 0
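
The example passes uid_map='0 1000 1' without saying what the three fields mean. The following added example (not part of pyspaces or of the original README) parses such a map and translates IDs in both directions, assuming the string uses the kernel's /proc/PID/uid_map line format "inside outside count"; all function names are hypothetical.

```python
from typing import NamedTuple

OVERFLOW_ID = 65534  # kernel default in /proc/sys/kernel/overflowuid


class Extent(NamedTuple):
    inside: int   # first ID as seen inside the user namespace
    outside: int  # first ID as seen from the parent namespace
    count: int    # number of consecutive IDs in the range


def parse_id_map(text):
    """Parse uid_map/gid_map text: one 'inside outside count' line per range."""
    extents = []
    for line in text.strip().splitlines():
        fields = line.split()
        if len(fields) != 3:
            raise ValueError("expected 'inside outside count': %r" % line)
        ext = Extent(*(int(f) for f in fields))
        if ext.inside < 0 or ext.outside < 0 or ext.count < 1:
            raise ValueError("invalid range: %r" % line)
        extents.append(ext)
    # The kernel rejects maps whose ranges overlap on either side.
    for side in (0, 1):
        spans = sorted((e[side], e[side] + e.count) for e in extents)
        if any(nxt[0] < cur[1] for cur, nxt in zip(spans, spans[1:])):
            raise ValueError("overlapping ranges in map")
    return extents


def to_parent(extents, inside_id):
    """ID the parent namespace sees for inside_id, or None if unmapped."""
    for e in extents:
        if e.inside <= inside_id < e.inside + e.count:
            return e.outside + inside_id - e.inside
    return None


def to_inside(extents, parent_id):
    """ID shown inside the namespace; unmapped owners appear as OVERFLOW_ID."""
    for e in extents:
        if e.outside <= parent_id < e.outside + e.count:
            return e.inside + parent_id - e.outside
    return OVERFLOW_ID


def maps_parent_root(extents):
    """True if some in-namespace ID is backed by ID 0 of the parent namespace."""
    return any(e.outside == 0 for e in extents)


if __name__ == "__main__":
    page_map = parse_id_map("0 1000 1")  # the uid_map string from the example
    print(to_parent(page_map, 0), to_parent(page_map, 1), to_inside(page_map, 0))
```

With the map from the example, "root" in the container is only UID 1000 outside it, and files owned by any other outside UID show up inside as the overflow ID.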

CLI

    space execute -v --pid --mnt --user --uid 1000 --gid 1000 bash -c 'mount -t proc /proc; ps ax'
    space chroot --pid --uid '0 1000 1' ~/.local/share/lxc/ubuntu/rootfs/ /bin/ls /home/
    space inject --net --mnt 19840 bash

Note: If the program you’re trying to exec is dynamically linked, and the dynamic linker is not present in /lib in the chroot environment, you will get the following error: “OSError: [Errno 2] No such file or directory”. The new root directory needs every other file the dynamically linked program depends on, including shared libraries and any essential configuration, tables, etc. src

Security

Read this article please

Changelog

on github
digest

TODO

  • namespaces: clone & Container
  • CLI
  • Chroot
  • setns & inject
  • cgroups
  • SCM: apparmor & selinux
  • capabilities
  • mount
  • network
  • move CLI to separate package
  • addons
  • container list
  • support for lxc, vagga, rocket, docker, etc…
  • one tool to rule them all!!1