Linux namespace relationships library
Project description
Linux Kernel Namespace Relations
NOTE: Python 3.6+ supported only
This Python 3 package allows discovering the following Linux Kernel
namespace relationships and properties, without having to delve into
ioctl() hell:
- the owning user namespace of another Linux kernel namespace.
- the parent namespace of either a user or a PID namespace.
- type of a Linux kernel namespace: user, PID, network, ...
- owner user ID of a user namespace.
See also ioctl() operations for Linux namespaces for more background information of the namespace operations exposed by this Python library.
Installation
$ pip3 install linuxns-rel
API Documentation
Please head over to our linuxns_rel API documentation on GitHub Pages.
CLI Examples
List User Namespaces
$ lsuserns
may yield something like this, a pretty hierarchy of Linux kernel user namespaces:
user:[4026531837] owner root (0)
├── user:[4026532696] owner foobar (1000)
├── user:[4026532638] owner foobar (1000)
├── user:[4026532582] owner foobar (1000)
│ └── user:[4026532639] owner foobar (1000)
│ └── user:[4026532640] owner foobar (1000)
│ └── user:[4026532641] owner foobar (1000)
├── user:[4026532466] owner foobar (1000)
│ └── user:[4026532464] owner foobar (1000)
├── user:[4026532523] owner foobar (1000)
└── user:[4026532583] owner foobar (1000)
If you have either Chromium or/and Firefox running, then these will add some user namespaces in order to sandbox their inner workings. And to add in some more hierarchical user namespaces, in another terminal session simply issue the following command:
$ unshare -Ur unshare -Ur unshare -Ur unshare -Ur
Debian users may need to sudo because their distro's default
configuration prohibits ordinary users to create new user namespaces.
List PID Namespaces
$ lspidns
shows the PID namespace hierarchy, such as:
pid:[4026531836] owner user:[4026531837] root (0)
└── pid:[4026532467] owner user:[4026532466] foobar (1000)
├── pid:[4026532465] owner user:[4026532464] foobar (1000)
├── pid:[4026532526] owner user:[4026532464] foobar (1000)
└── pid:[4026532581] owner user:[4026532464] foobar (1000)
Don't worry that the PID namespace hierarchy doesn't match the user
namespace hierarchy. That's perfectly fine, depending on which programs
run. In our example, we didn't create new PID namespaces when using
unshare, so we see only additional PID namespaces created by
Chromium (Firefox doesn't create them though).
Potentially FAQs
-
Q: Why do
get_userns()andget_parentns()return file objects (TextIO) instead of filesystem paths?A: Because that's what the Linux namespace-related
ioctl()functions are giving us: open file descriptors referencing namespaces in the specialnsfsnamespace filesystem. There are no paths associated with them. -
Q: What argument types do
get_nstype(),get_userns(),get_parentns(), andget_owner_uid()expect?A: Choose your weapon:
- a filesystem path (name), such as
/proc/self/ns/user, - an open file object (
TextIO), such as returned byopen(), - an open file descriptor, such as returned by
fileno()methods.
- a filesystem path (name), such as
-
Q: Why does
get_parentns()throw an PermissionError?A: There are multiple causes:
- you didn't specify a PID or user namespace,
- the parent namespace either doesn't exist,
- or the parent namespace is inaccessible to you,
- oh, you really have no access to the namespace reference.
-
Q: Why does
get_userns()throw an PermissionError?A: You don't have access to the owning user namespace.
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for linuxns_rel-1.0.0-py3-none-any.whl
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 4d5cf242a0d5945300728322a6fd9cde7287ce57ae6fe6e20051a0cb167937b2 |
|
| MD5 | 991f7f14c264bae2860cc996c19673f2 |
|
| BLAKE2b-256 | b3bb49ca3884a8a8a1b39b501ae271748c46ebead2c518884f4147f559f7519b |
