Commit message | Author | Age | Files | Lines
...
* | tests: Show compiler output if building the test C program fails. [sam/tweaks-from-osx] | Sam Thursfield | 2015-06-09 | 1 | -2/+8
| |
* | Note that you can't really use the test suite on Mac OS X | Sam Thursfield | 2015-06-09 | 1 | -0/+4
|/
* Commit programs.py under correct name | Sam Thursfield | 2015-06-08 | 1 | -20/+61
|   This means the test suite actually works now.
* Fix previous commit | Sam Thursfield | 2015-06-08 | 1 | -1/+1
|
* Change how we search for 'linux-user-chroot' | Sam Thursfield | 2015-06-08 | 3 | -24/+61
|   First, the user should get better errors now if it is not found:
|
|       sandboxlib.ProgramNotFound: Did not find 'linux-user-chroot' in PATH. Searched '/sbin:/bin:/usr/sbin:/usr/bin'
|
|   Second, we explicitly search for the program on each call to run_sandbox() using the same search code used in sandbox_module_for_platform(). This shouldn't change anything, but I think it's better practice to search for the program ourselves than to assume exec('linux-user-chroot') will do the right thing.
* Fix calculating mount point targets. | Sam Thursfield | 2015-06-08 | 1 | -1/+1
|
* Do mounts directly in linux-user-chroot | Sam Thursfield | 2015-06-08 | 2 | -75/+102
|   This means the linux_user_chroot backend doesn't depend on 'unshare' and 'mount' any more. This in turn means it can be used by non-root users, in theory.
|
|   This limits what type of mounts the linux_user_chroot backend can do to 'proc', 'tmpfs' and bind mounts. Adding more types without going back to needing 'root' for this backend will require changing linux-user-chroot itself (or creating a separate setuid helper program).
* linux-user-chroot: Allow None for filesystem_writable_paths | Sam Thursfield | 2015-06-05 | 1 | -1/+1
|   Previously only 'none' (as a string) was allowed.
* HACKING: Fix a link | Sam Thursfield | 2015-06-05 | 1 | -1/+1
|
* Use PBR 'postversioning', and update release process | Sam Thursfield | 2015-06-04 | 2 | -4/+7
|   Rather than specifying the version number in setup.cfg, PBR will work it out from the latest Git tag, which saves a lot of faff. PBR is excellent!
* Use the PBR (OpenStack) versioning scheme | Sam Thursfield | 2015-06-04 | 1 | -3/+5
|   It looks like it adapts the scheme from http://www.semver.org/ in line with pre-existing Python conventions, which is exactly what I wanted!
* Add 'url' and 'license' metadata to setup.cfg | Sam Thursfield | 2015-06-04 | 1 | -0/+2
|
* Bump version number | Sam Thursfield | 2015-06-04 | 1 | -1/+1
|
* Use reStructuredText instead of Markdown | Sam Thursfield | 2015-06-04 | 5 | -229/+252
|   GitHub supports either, but the Python Package Index (PyPI) only understands reStructuredText. The Sphinx documentation tool also prefers reStructuredText so we may as well use it throughout.
* Add release process to HACKING.mdwn | Sam Thursfield | 2015-06-04 | 1 | -2/+28
|
* Set version number to 0.1.0 | Sam Thursfield | 2015-06-04 | 1 | -1/+1
|
* Fix the test suite [0.1.0] | Sam Thursfield | 2015-06-04 | 2 | -77/+142
|
* Fix creating missing mountpoints in linux-user-chroot backend, update docs | Sam Thursfield | 2015-06-01 | 2 | -7/+21
|   Creating missing mountpoints is done later now, so that there's less chance of them being created if bad sandbox configuration was passed. The previous code didn't seem to work correctly, probably because of Python os.path.join() having the annoying behaviour of deleting all previous path components if it finds one with a preceding '/'.
* Log the actual commandline being run | Sam Thursfield | 2015-05-28 | 1 | -0/+9
|   This makes it easier to debug problems. The log domain 'sandboxlib' is used, so callers can handle the log messages from 'sandboxlib' however they want using the Python 'logging' API.
* Don't have a 'base' environment, make the caller specify 'env' | Sam Thursfield | 2015-05-28 | 5 | -34/+15
|   The idea with 'extra_env' was that all 'sandboxlib' sandboxes would have a consistent base environment with standard PATH, etc. But that's not really workable at all, and only PATH actually matters here anyway. Now the caller passes in the entire environment as 'env', 'extra_env' is gone.
* Add support for output redirection | Sam Thursfield | 2015-05-28 | 3 | -42/+96
|   I had hoped that we could provide access to a subprocess.Popen() instance directly so users could do whatever they want with the .stdout and .stderr pipes. However, that's not always possible (e.g. the chroot backend can't return the Popen object it creates to the caller, because it's in a different process). The current approach isn't groundbreaking but it is quite simple.
* Add sandbox_module_for_platform() method | Sam Thursfield | 2015-05-28 | 1 | -0/+67
|   This decides what is the best module to use on the current platform.
* Fix error when mount type is None (used for bind mounts) | Sam Thursfield | 2015-05-27 | 1 | -0/+2
|
* README: Add a bunch of info | Sam Thursfield | 2015-05-27 | 1 | -5/+133
|
* Add 'filesystem_root' and 'filesystem_writable_paths' settings | Sam Thursfield | 2015-05-27 | 4 | -15/+298
|   This is the last bit of API needed to be usable by YBD and Morph.
* Mention 'mounts' in documentation of maximum_possible_isolation() | Sam Thursfield | 2015-05-27 | 1 | -0/+2
|
* chroot: Fix mounting | Sam Thursfield | 2015-05-27 | 1 | -33/+35
|   No need to do mounts inside the process that calls os.chroot(), and in fact it's stupid because there's no guarantee of a /bin/umount existing after we call os.chroot().
* Initial work to allow configuring mount sharing and mounting | Sam Thursfield | 2015-05-26 | 5 | -17/+236
|   This is far from complete and has probably numerous issues right now.
* Add a basic test suite using 'py.test' and 'tox' | Sam Thursfield | 2015-05-26 | 3 | -1/+74
|
* Add simple setup.py using the 'pbr' module | Sam Thursfield | 2015-05-26 | 2 | -0/+18
|
* Return the exit code, stdout and stderr from run_sandbox() | Sam Thursfield | 2015-05-26 | 4 | -26/+79
|   This required a rewrite of the 'chroot' module.
* Let's get some real documentation started. | Sam Thursfield | 2015-05-22 | 3 | -2/+75
|
* Add the ability to isolate the sandbox from the network, or not | Sam Thursfield | 2015-05-22 | 3 | -3/+61
|   Note that *sharing* the network is a different thing to *choosing not to isolate* the network. The former implies networking will actually work correctly, while the latter only implies that we didn't deliberately break it. So the default network behaviour is 'undefined'.
|
|   The different backends have different capabilities, so I added a maximum_possible_isolation() method to return whatever is the most isolated configuration that a backend is capable of. I called this function maximum_security() initially, but it doesn't actually guarantee any kind of security at all so that wasn't a good name.
* chroot: Handle failure better | Sam Thursfield | 2015-05-22 | 1 | -4/+12
|
* run-sandbox: Small compliance improvement for App Container images | Sam Thursfield | 2015-05-22 | 1 | -0/+2
|   Set the AC_APP_NAME environment variable. We fail to set AC_METADATA_URL, and since it's totally out of scope for 'sandboxlib' to provide a metadata sharing service, will continue to do so.
* README: Add note about App Container spec, now I know more about what it is | Sam Thursfield | 2015-05-22 | 1 | -0/+11
|
* README: Fix broken links, copy 'license' section from YBD README | Sam Thursfield | 2015-05-22 | 1 | -13/+10
|
* Add an initial README | Sam Thursfield | 2015-05-22 | 1 | -0/+27
|
* HACKING: correct some details | Sam Thursfield | 2015-05-22 | 1 | -2/+3
|
* Honour environment variables defined in App Container images | Sam Thursfield | 2015-05-22 | 1 | -3/+7
|
* Add 'cwd' option to run_sandbox() functions. | Sam Thursfield | 2015-05-22 | 3 | -11/+46
|   Also, set it correctly when running an App Container image.
* Add linux-user-chroot backend, run-sandbox script, 'appc' loader | Sam Thursfield | 2015-05-22 | 7 | -1/+265
|   This library is now enough to run a very simple App Container image, using either 'chroot' or 'linux-user-chroot'.
* Create a 'sandboxlib' package, rework 'chroot' module | Sam Thursfield | 2015-05-22 | 2 | -58/+27
|   Removed the App Container-specific stuff from 'chroot' module, and added a copyright notice.
* Add initial sandboxing tools | Sam Thursfield | 2015-05-21 | 2 | -0/+127
    sandbox.py lets you create a .aci file (App Container Image) from a tar file, that should run a given command when executed. exec/chroot.py executes a .aci file (App Container Image). I doubt that the produced .aci files are actually compatible with other App Container ('appc') execution tools yet. The executor will also be unable to run all but the simplest applications that are packaged as .aci files. Also, the process of untarring a .tar file to create a .aci, then unpacking the .aci again to run it is very inefficient. Plus it is missing lots of important features. But, it's a start.