procszoo

python module to operate Linux namespaces


Keywords
linux, container, namespace, sandbox, process
License
GPL-2.0+
Install
pip install procszoo==0.97.2a1

Documentation

About

Join the chat at https://gitter.im/procszoo/Lobby

Procszoo is a small Python module that lets you manage your processes with Linux namespaces.

Contents

Goals


Procszoo aims to provide a simple but complete tool that you can use as a DSL or an embedded language for operating Linux namespaces from Python.

Procszoo ships a smart init program. I got it from baseimage-docker. Thanks a lot, you guys.

Procszoo does not require a recent Python (Python 3 is supported too) or a recent Linux kernel.

Resources

  • IRC channel: #procszoo on freenode.net

Requirements


Procszoo only requires the Python standard library plus the following packages, which are needed to build its C extension:

# for Python 3, install the python3 versions of the packages below
# on RHEL/CentOS >= 6
sudo yum -y install autoconf gcc make glibc-headers
sudo yum -y install python-devel python-setuptools
# Debian/Ubuntu
sudo apt-get -y install autoconf gcc make libc6-dev
sudo apt-get -y install python-dev python-setuptools

Install

  1. Install procszoo with setuptools:

    git clone https://github.com/xning/procszoo.git
    cd procszoo && sudo ./setup.py install
    
  2. Or install procszoo with pip:

    sudo pip install procszoo
    

Building

If you do not want to install it, clone it and build it in place to try it out:

git clone https://github.com/xning/procszoo.git
cd procszoo && make

By default, the above command builds for your default Python version. To build for another Python version, pass the desired interpreter in the PYTHON variable of the make command, e.g. to build for Python 3:

make PYTHON=/usr/bin/python3

If you clone procszoo into your home directory on RHEL/CentOS/Scientific Linux/Fedora, note that home directories are created with mode 0700 there (no access for group or others), which will cause trouble, so open it up:

chmod go+rx ${HOME}

This makes your home directory listable and traversable by every other user on the system. If that is not acceptable, clone into a directory that is already world-readable instead of changing the mode of your home directory.

Try It

Now you can try it in an interactive shell as follows (assuming you installed procszoo):

richard_parker -l                       # what namespaces are available?
richard_parker --available-c-functions  # what C functions are available?
richard_parker                          # get an interactive shell

If your Linux kernel does not support or does not enable "user" namespaces (e.g. RHEL6/CentOS6, and RHEL7/CentOS7 by default), you need superuser privileges:

sudo richard_parker

Now you can check that you are in new namespaces:

  • processes get small pids (1, 2, ...), and the only network device is lo, which is down

    ps -ef 
    ifconfig -a
    
  • in another terminal, the namespace entries (the inode numbers in the links) differ from those in the richard_parker shell

    ls -l /proc/self/ns
    
  • if the kernel supports and enables "user" namespaces, you are the superuser (uid 0) inside the new user namespace now

    id
    
  • if you have trouble with the steps above, see Known Issues.
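
The checks above can be scripted. The following Python is an added example written for this page, not code from procszoo: it parses the /proc/<pid>/ns links that `ls -l /proc/self/ns` shows, reports which namespace types the kernel exposes (what `richard_parker -l` lists), and tells you in which namespace types two processes differ. The sample link values are constructed for illustration only; the live check at the bottom works only on Linux and needs access to the other process's /proc entry.

```python
import os
import re

# Namespace types a Linux kernel can expose under /proc/<pid>/ns;
# `richard_parker -l` reports which of these the running kernel supports.
NS_TYPES = ("cgroup", "ipc", "mnt", "net", "pid", "user", "uts")

# readlink() of a /proc/<pid>/ns entry looks like "net:[4026531992]".
_LINK_RE = re.compile(r"^([a-z_]+):\[(\d+)\]$")


def parse_ns_link(link):
    """Split 'net:[4026531992]' into ('net', 4026531992).

    The inode number is the namespace's identity: two processes share a
    namespace of a given type exactly when their links carry the same inode.
    """
    m = _LINK_RE.match(link)
    if not m:
        raise ValueError("not a namespace link: %r" % (link,))
    return m.group(1), int(m.group(2))


def links_to_map(links):
    """Turn an iterable of readlink() strings into a {type: inode} map."""
    return dict(parse_ns_link(link) for link in links)


def available_namespaces(pid="self"):
    """Namespace types this kernel exposes for `pid` (programmatic form of
    `richard_parker -l`); empty where /proc/<pid>/ns does not exist.
    Listing another process's ns directory needs ptrace-level access to it."""
    ns_dir = "/proc/%s/ns" % pid
    if not os.path.isdir(ns_dir):
        return []
    return sorted(t for t in os.listdir(ns_dir) if t in NS_TYPES)


def read_ns_links(pid="self"):
    """{type: inode} for one process, read from its /proc/<pid>/ns links."""
    return links_to_map(os.readlink("/proc/%s/ns/%s" % (pid, t))
                        for t in available_namespaces(pid))


def diff_namespaces(a, b):
    """Sorted namespace types in which two {type: inode} maps differ.
    A type present in only one map counts as different."""
    return sorted(t for t in set(a) | set(b) if a.get(t) != b.get(t))


# Constructed sample links: what `ls -l /proc/self/ns` might show in the
# original shell and in a richard_parker shell that unshared net, pid and
# user. The inode numbers are illustrative, not taken from a real system.
PARENT_LINKS = ["mnt:[4026531840]", "net:[4026531992]", "pid:[4026531836]",
                "user:[4026531837]", "uts:[4026531838]"]
CHILD_LINKS = ["mnt:[4026531840]", "net:[4026532200]", "pid:[4026532201]",
               "user:[4026532199]", "uts:[4026531838]"]


if __name__ == "__main__":
    print("constructed sample differs in:",
          diff_namespaces(links_to_map(PARENT_LINKS), links_to_map(CHILD_LINKS)))
    # Live check (Linux only): compare this process with pid 1. Inside a
    # richard_parker shell, pass that shell's pid instead of 1.
    try:
        print("this process vs pid 1 differs in:",
              diff_namespaces(read_ns_links("self"), read_ns_links(1)))
    except OSError as e:  # no /proc, or pid 1's ns directory not accessible
        print("live check skipped:", e)
```

Run it from the original shell and again from inside richard_parker (with the other shell's pid in place of 1): the second run should report at least the namespace types richard_parker unshared.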

Getting Your Feet Wet with the procszoo module


To enable every namespace that your kernel supports:

from procszoo.c_functions import *

if __name__ == "__main__":
    spawn_namespaces()

To run your own program instead of an interactive shell:

from procszoo.c_functions import *

if __name__ == "__main__":
    spawn_namespaces(nscmd=path_to_your_program)
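
To see what a call like spawn_namespaces() has to do under the hood, here is an added example that is not procszoo's own code: it calls unshare(2) and mount(2) through ctypes, maps the caller to uid 0 in the new user namespace (which is why `id` reports root), forks so that the child lands in the new pid namespace, and mounts a fresh /proc there so `ps -ef` shows the small pids. The function names, the NS_FLAGS table and the default of unsharing every namespace the kernel exposes are this example's choices, not procszoo's API. It needs Linux; without root it works only where unprivileged user namespaces are enabled.

```python
import ctypes
import os
import sys

# CLONE_* namespace flags from <linux/sched.h>; unshare(2) and setns(2) take them.
NS_FLAGS = {
    "mnt":    0x00020000,  # CLONE_NEWNS
    "cgroup": 0x02000000,  # CLONE_NEWCGROUP
    "uts":    0x04000000,  # CLONE_NEWUTS
    "ipc":    0x08000000,  # CLONE_NEWIPC
    "user":   0x10000000,  # CLONE_NEWUSER
    "pid":    0x20000000,  # CLONE_NEWPID
    "net":    0x40000000,  # CLONE_NEWNET
}
MS_REC, MS_PRIVATE = 0x4000, 0x40000  # mount(2) flags from <sys/mount.h>


def supported_namespaces():
    """Namespace types this kernel exposes in /proc/self/ns."""
    return [n for n in NS_FLAGS if os.path.exists("/proc/self/ns/" + n)]


def unshare_flags(names):
    """OR together the CLONE_NEW* flags for the given /proc/<pid>/ns names."""
    flags = 0
    for n in names:
        if n not in NS_FLAGS:
            raise ValueError("unknown namespace type: %r" % (n,))
        flags |= NS_FLAGS[n]
    return flags


def _libc():
    libc = ctypes.CDLL(None, use_errno=True)
    libc.unshare.argtypes = [ctypes.c_int]
    libc.mount.argtypes = [ctypes.c_char_p, ctypes.c_char_p, ctypes.c_char_p,
                           ctypes.c_ulong, ctypes.c_void_p]
    return libc


def _check(ret, what):
    if ret != 0:
        err = ctypes.get_errno()
        raise OSError(err, "%s failed: %s" % (what, os.strerror(err)))


def map_caller_to_root(uid, gid):
    """Map the caller's real uid/gid to 0 inside the new user namespace.
    An unprivileged process must write "deny" to setgroups before the kernel
    (>= 3.19) lets it write gid_map."""
    with open("/proc/self/uid_map", "w") as f:
        f.write("0 %d 1\n" % uid)
    with open("/proc/self/setgroups", "w") as f:
        f.write("deny\n")
    with open("/proc/self/gid_map", "w") as f:
        f.write("0 %d 1\n" % gid)


def spawn_in_namespaces(argv, names=None):
    """Run argv in fresh namespaces (default: every type the kernel exposes)
    and return its wait status."""
    names = list(supported_namespaces() if names is None else names)
    uid, gid = os.getuid(), os.getgid()
    libc = _libc()
    # A single unshare() call: the kernel creates the user namespace first, so
    # the other new namespaces are owned by it and we have full caps in them.
    _check(libc.unshare(unshare_flags(names)), "unshare")
    if "user" in names:
        map_caller_to_root(uid, gid)
    pid = os.fork()  # a new pid namespace only applies to children, so fork
    if pid == 0:
        try:
            if "mnt" in names:
                # Make the mount tree private so the /proc below cannot
                # propagate back into the parent's mount namespace.
                _check(libc.mount(b"none", b"/", None, MS_REC | MS_PRIVATE, None),
                       "mount --make-rprivate /")
                if "pid" in names:
                    try:  # a fresh /proc so ps shows the new pid namespace
                        _check(libc.mount(b"proc", b"/proc", b"proc", 0, None), "mount /proc")
                    except OSError as e:  # e.g. a container with masked /proc paths
                        sys.stderr.write("warning: %s; ps shows parent pids\n" % (e,))
            os.execvp(argv[0], argv)
        except BaseException as e:
            sys.stderr.write("child setup failed: %s\n" % (e,))
            os._exit(127)
    return os.waitpid(pid, 0)[1]


if __name__ == "__main__":
    status = spawn_in_namespaces(sys.argv[1:] or ["/bin/sh"])
    sys.exit(os.WEXITSTATUS(status) if os.WIFEXITED(status) else 128 + os.WTERMSIG(status))
```

Omit "user" from names and the unshare() call fails with EPERM unless you are root, which is the same reason `sudo richard_parker` is needed on kernels without user namespaces.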

Networks


Let's add networking to the new namespaces.

Because richard_parker will bind-mount the namespace entries (--ns-bind-dir), it has to run as the superuser. A bind-mounted entry keeps the namespace alive even after every process in it has exited, so unmount it when you are done.

Besides the shell that richard_parker opens, you need a second interactive shell in the original namespaces to create the veth pair and move one end into the new "net" namespace.

  • create a mount point

    mkdir /tmp/ns
    
  • create namespaces

    sudo richard_parker --ns-bind-dir=/tmp/ns
    
  • in richard_parker, configure the lo device

    ip link set lo up
    
  • in a new terminal, bind-mount /tmp/ns/net onto /var/run/netns/ns so that the ip command can operate on the namespace by name

    [ -d /var/run/netns ] || sudo mkdir -p /var/run/netns
    sudo touch /var/run/netns/ns
    sudo mount --bind /tmp/ns/net /var/run/netns/ns
    
  • in the new terminal, create a veth pair and move one end into the new namespace

    sudo ip link add veth0 type veth peer name veth1
    sudo ip link set dev veth1 netns ns
    
  • in the new terminal, configure veth0 device

    sudo ip link set veth0 up
    sudo ip addr add 192.168.0.10/24 broadcast 192.168.0.255 dev veth0
    
  • in richard_parker, configure veth1

    ip link set veth1 up
    ip addr add 192.168.0.11/24 broadcast 192.168.0.255 dev veth1
    
  • let's say "hello" from the new terminal

    ping -c 3 192.168.0.11
    
  • let's say "hello" from richard_parker

    ping -c 3 192.168.0.10
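
Once the namespace is pinned by the bind mount, any sufficiently privileged process can join it with setns(2); that is what `ip netns exec ns ...` does, and it is the namespace the richard_parker shell already lives in. The following Python is an added example, not part of procszoo: it opens the pinned file, calls setns through ctypes (joining a net namespace needs CAP_SYS_ADMIN in its owning user namespace, so run it with sudo), and execs a command inside. The function names and the basename-based type inference are this example's own conventions.

```python
import ctypes
import os
import sys

# CLONE_NEW* values accepted by setns(2); nstype 0 means "any type".
NS_FLAGS = {"mnt": 0x00020000, "cgroup": 0x02000000, "uts": 0x04000000,
            "ipc": 0x08000000, "user": 0x10000000, "pid": 0x20000000,
            "net": 0x40000000}


def setns_flag_for(path, nstype=None):
    """Pick the nstype argument for setns(2) on a namespace file.

    An explicit type wins. Otherwise infer it from the file name when that is
    one of the /proc/<pid>/ns names (e.g. /tmp/ns/net) and fall back to 0,
    which lets the kernel accept whatever type the file is. Naming the type is
    the safer choice: setns then fails instead of silently joining a namespace
    of the wrong kind (a file called "ns" tells you nothing).
    """
    if nstype is not None:
        return NS_FLAGS[nstype]
    return NS_FLAGS.get(os.path.basename(path.rstrip("/")), 0)


def enter_namespace(path, nstype=None):
    """setns() the calling process into the namespace pinned at `path`
    (a file created by `richard_parker --ns-bind-dir` or `ip netns add`)."""
    libc = ctypes.CDLL(None, use_errno=True)
    libc.setns.argtypes = [ctypes.c_int, ctypes.c_int]
    fd = os.open(path, os.O_RDONLY)
    try:
        if libc.setns(fd, setns_flag_for(path, nstype)) != 0:
            err = ctypes.get_errno()
            raise OSError(err, "setns(%s): %s" % (path, os.strerror(err)))
    finally:
        os.close(fd)


def run_in_namespace(path, argv, nstype=None):
    """Fork, join the namespace in the child, exec argv, return the wait status.
    Joining in a child keeps the caller in its own namespaces."""
    pid = os.fork()
    if pid == 0:
        try:
            enter_namespace(path, nstype)
            os.execvp(argv[0], argv)
        except BaseException as e:
            sys.stderr.write("child: %s\n" % (e,))
            os._exit(127)
    return os.waitpid(pid, 0)[1]


if __name__ == "__main__":
    # usage: sudo python3 enter_netns.py /tmp/ns/net ip addr show
    path, argv = sys.argv[1], sys.argv[2:] or ["/bin/sh"]
    status = run_in_namespace(path, argv, "net")
    sys.exit(os.WEXITSTATUS(status) if os.WIFEXITED(status) else 128 + os.WTERMSIG(status))
```

Saved as, say, enter_netns.py, `sudo python3 enter_netns.py /tmp/ns/net ip addr show` lists veth1 with 192.168.0.11 once the steps above are done. When you are finished, unmount both bind mounts (`sudo umount /var/run/netns/ns` and `sudo umount /tmp/ns/net`); until then the namespace, and the veth1 end inside it, stay alive even after richard_parker has exited.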
    

Docs


Known Issues


  • os.execv complains "Permission denied"

    If running richard_parker fails on RHEL/CentOS/Fedora with an error message like the following

        os.execv(...)
    OSError: [Errno 13] Permission denied
    

    That's not a bug, please see the comment.

  • "ip netns" fails on RHEL6/CentOS6 with the following error message

    Object "netns" is unknown, try "ip help".
    

    You need a newer iproute package; to get one, please see here

Exported Functions, Objects, and Helpful CLI


procszoo.utils exports the following functions and objects; you do not need to learn them all

  • objects

    • workbench
  • key functions

  • helpful functions

    • atfork
    • sched_getcpu
    • mount
    • umount
    • umount2
    • unshare
    • setns
    • gethostname
    • sethostname
    • getdomainname
    • setdomainname
    • pivot_root
    • to_unicode
    • to_bytes
    • adjust_namespaces
    • get_namespace
    • get_available_propagations
    • get_uid_from_name_or_uid
    • get_gid_from_name_or_gid
    • get_uid_by_name
    • get_gid_by_name
    • get_name_by_uid
    • get_name_by_gid
    • get_current_users_and_groups
    • getresuid
    • getresgid
    • setresuid
    • setresgid
    • show_namespaces_status
    • show_available_c_functions
    • cgroup_namespace_available
    • ipc_namespace_available
    • net_namespace_available
    • mount_namespace_available
    • pid_namespace_available
    • user_namespace_available
    • uts_namespace_available
    • unregister_fork_handlers
  • Exceptions

    • CFunctionBaseException
    • CFunctionNotFound
    • NamespaceGenericException
    • UnknownNamespaceFound
    • UnavailableNamespaceFound
    • NamespaceSettingError
  • Helpful CLI

Test Platforms


I test richard_parker and the scripts in tests/ on the following architectures