Python wrapper for setns Linux syscall.
Project description
pysetns
pysetns
- is a Python wrapper for the Linux setns
system call.
See the manual for an introduction to setns
and namespaces.
IMPORTANT!
setns
requires execution from ROOT!
Requirements
- Python 3.6+
Installing
pip install pysetns
Building
To build for your platform:
python -m build
pip install dist/<target_tar or wheel>
Usage
See examples
class pysetns.Namespace(*args, **kwargs)
-
__init__(target_pid, ns_types=NS_ALL, target_gid=None, target_uid=None, do_fork=False, true_user=False, keep_caps=False):
target_pid (int | str)
The pid of the process whose namespace you want to accessns_types (int)
Namespace types to be accessed. These are bitwise. NS_ALL included all of this:- NS_TIME - time namespace (since Linux 5.8)
- NS_MNT - mount namespace group (since Linux 3.8)
- NS_CGROUP - cgroup namespace (since Linux 4.6)
- NS_UTS - utsname namespace (since Linux 3.0)
- NS_IPC - ipc namespace (since Linux 3.0)
- NS_USER - user namespace (since Linux 3.8)
- NS_PID - pid namespace (since Linux 3.8)
- NS_NET - network namespace (since Linux 3.0)
target_gid (int)
andtarget_uid (int)
The GID and UID of the user you want to access inNS_USER
as. If None, the GID and UID of the process owner will be useddo_fork (bool)
Enter into the namespace in a separate process. If ns_type includes NS_USER or NS_PID, entering into the namespace will be done in a separate process anddo_fork
value is ignoredtrue_user (bool)
If False (default), entering into NS_USER will be done by simply switching to target GID and UID (target_gid, target_uid), otherwise through a system call, but then returning from the namespace will not be possible and the program will need to be terminated.keep_caps (bool)
Preserve root capabilities if you need to perform an action on behalf of a user with administrator rights. Only relevant if ns_types includes NS_USER
-
enter(target, *args, **kwargs)
Enter into namespace and execute target function with its args and kwargs. Exiting namespaces will happen automatically. But if this needs to be done inside the target function, pass the namespace object as one of the parameters to it and call the exit() method. If an error occurs while entering into namespace, it will be written to the errors attribute in the format "ns_type: error", and if it was not the only ns_type, work will continue. Errors caused by the operation of the target function will be ignored, so take care of them yourself. -
exit(errcode=0)
Exit from namespace and set the errcode if required. You usually don't need to call this function yourself. If the errcode is set to 11 (EAGAIN
), the retry attribute will be set to True.
get_ns_string(ns_types)
Represents namespace types ns_types in string view.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.