pyspaces 1.3.1

Create process in linux namespaces

Works with Linux namespaces througth glibc with pure python

discuss: reddit, habrahabr

Goals

There is so many beautiful tools like docker, rocket and vagga written on go and rust, but no one on python. I think that is because there is no easy way to works with linux namespaces on python:

• you can use asylum - project that looks like dead and with codebase hosted not on mainstream hub like github

• or you can use python-libvirt bindings with big layer of abstraction

• or just use native glibc library with ctypes

• otherwise subprocess.Popen your choice

I want to change it: i want to create native python bindings to glibc with interface of python multiprocessing.Process.

PS: you can look at python-nsenter too, it’s looks awesome.

PPS: new project from author of asylum - butter

Example

First simple example:

import os
from pyspaces import Container


def execute(argv):
    os.execvp(argv[0], argv)

cmd = "mount -t proc proc /proc; ps ax"
c = Container(target=execute, args=(('bash', '-c', cmd),),
              uid_map='0 1000 1',
              newpid=True, newuser=True, newns=True
              )
c.start()
print("PID of child created by clone() is %ld\n" % c.pid)
c.join()
print("Child returned: pid %s, status %s" % (c.pid, c.exitcode))

output:

PID of child created by clone() is 15978

PID TTY      STAT   TIME COMMAND
1   pts/19   S+     0:00 bash -c mount -t proc proc /proc; ps ax
3   pts/19   R+     0:00 ps ax

Child returned: pid 15978, status 0

CLI

space -v execute --pid --mnt --user --uid '0 1000 1' bash -c 'mount -t proc /proc; ps ax'

space chroot --pid --uid '0 1000 1' ~/.local/share/lxc/ubuntu/rootfs/ /bin/ls /home/

sudo space inject --net --mnt 19840 bash

Note: If the program you’re trying to exec is dynamic linked, and the dynamic linker is not present in /lib in the chroot environment - you would get the “OSError: [Errno 2] No such file or directory” error. You’d need all the other files the dynamic-linked program depends on, including shared libraries and any essential configuration/table/etc in the new root directories. src

TODO

• [x] clone & Container

• [x] CLI

• [x] Chroot

• [ ] process list

• [x] inject

• [ ] move CLI to separate package

• [ ] addons

• [ ] support for lxc, vagga, rocket, docker, etc…

• [ ] …

• [ ] one tool for rule them all!!1