pysetns 0.2.1

Python wrapper for setns Linux syscall.

pysetns

pysetns - is a Python wrapper for the Linux setns system call.
See the manual for an introduction to setns and namespaces.

IMPORTANT!

setns requires execution from ROOT!

Requirements

• Python 3.6+

Installing

pip install pysetns

Building

To build for your platform:

python -m build
pip install dist/<target_tar or wheel>

Usage

See examples

class pysetns.Namespace(*args, **kwargs)

• __init__(target_pid, ns_types=NS_ALL, target_gid=None, target_uid=None, do_fork=False, true_user=False, keep_caps=False):

  • target_pid (int | str) The pid of the process whose namespace you want to access
  • ns_types (int) Namespace types to be accessed. These are bitwise. NS_ALL included all of this:
    • NS_TIME - time namespace (since Linux 5.8)
    • NS_MNT - mount namespace group (since Linux 3.8)
    • NS_CGROUP - cgroup namespace (since Linux 4.6)
    • NS_UTS - utsname namespace (since Linux 3.0)
    • NS_IPC - ipc namespace (since Linux 3.0)
    • NS_USER - user namespace (since Linux 3.8)
    • NS_PID - pid namespace (since Linux 3.8)
    • NS_NET - network namespace (since Linux 3.0)
  • target_gid (int) and target_uid (int) The GID and UID of the user you want to access in NS_USER as. If None, the GID and UID of the process owner will be used
  • do_fork (bool) Enter into the namespace in a separate process. If ns_type includes NS_USER or NS_PID, entering into the namespace will be done in a separate process and do_fork value is ignored
  • true_user (bool) If False (default), entering into NS_USER will be done by simply switching to target GID and UID (target_gid, target_uid), otherwise through a system call, but then returning from the namespace will not be possible and the program will need to be terminated.
  • keep_caps (bool) Preserve root capabilities if you need to perform an action on behalf of a user with administrator rights. Only relevant if ns_types includes NS_USER

• enter(target, *args, **kwargs)
  Enter into namespace and execute target function with its args and kwargs. Exiting namespaces will happen automatically. But if this needs to be done inside the target function, pass the namespace object as one of the parameters to it and call the exit() method. If an error occurs while entering into namespace, it will be written to the errors attribute in the format "ns_type: error", and if it was not the only ns_type, work will continue. Errors caused by the operation of the target function will be ignored, so take care of them yourself.

• exit(errcode=0)
  Exit from namespace and set the errcode if required. You usually don't need to call this function yourself. If the errcode is set to 11 (EAGAIN), the retry attribute will be set to True.

get_ns_string(ns_types)
    Represents namespace types ns_types in string view.