demos: add demo userns-block-fd.py

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Closes: #101 Approved by: alexlarsson
author: Giuseppe Scrivano <gscrivan@redhat.com> 2017-06-21 16:47:05 +0200
committer: Atomic Bot <atomic-devel@projectatomic.io> 2017-06-29 23:02:32 +0000
commit: 0bffcf1679900bb0189b4ec3837b775f21991a2d (patch)
tree: d4fb570bb394930e233dffebe7131d37924e3b34
parent: 6724b418e9563816648f5ed59ecd9e2e6969b2e4 (diff)
download: bubblewrap-0bffcf1679900bb0189b4ec3837b775f21991a2d.tar.gz
1 files changed, 36 insertions, 0 deletions
diff --git a/demos/userns-block-fd.py b/demos/userns-block-fd.py
new file mode 100755
index 0000000..0677a0d
--- /dev/null
+++ b/demos/userns-block-fd.py
@@ -0,0 +1,36 @@
+#!/bin/python
+
+import os, select, subprocess, json
+
+pipe_info = os.pipe()
+userns_block = os.pipe()
+
+pid = os.fork()
+
+if pid != 0:
+    os.close(pipe_info[1])
+    os.close(userns_block[0])
+
+    select.select([pipe_info[0]], [], [])
+
+    data = json.load(os.fdopen(pipe_info[0]))
+    child_pid = str(data['child-pid'])
+
+    subprocess.call(["newuidmap", child_pid, "0", str(os.getuid()), "1"])
+    subprocess.call(["newgidmap", child_pid, "0", str(os.getgid()), "1"])
+
+    os.write(userns_block[1], '1')
+else:
+    os.close(pipe_info[0])
+    os.close(userns_block[1])
+
+    args = ["bwrap",
+            "bwrap",
+            "--unshare-all",
+            "--unshare-user",
+            "--userns-block-fd", "%i" % userns_block[0],
+            "--info-fd", "%i" % pipe_info[1],
+            "--bind", "/", "/",
+            "cat", "/proc/self/uid_map"]
+
+    os.execl(*args)
author	Giuseppe Scrivano <gscrivan@redhat.com>	2017-06-21 16:47:05 +0200
committer	Atomic Bot <atomic-devel@projectatomic.io>	2017-06-29 23:02:32 +0000
commit	0bffcf1679900bb0189b4ec3837b775f21991a2d (patch)
tree	d4fb570bb394930e233dffebe7131d37924e3b34
parent	6724b418e9563816648f5ed59ecd9e2e6969b2e4 (diff)
download	bubblewrap-0bffcf1679900bb0189b4ec3837b775f21991a2d.tar.gz