RubyGems - hrr_rb_lxns - Versions diffs - 0.1.1 → 0.2.0 - Mend

hrr_rb_lxns 0.1.1 → 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: e8243b5243363dd383204313c4487478786834e46ff9a3c1be7f90b2c5f77052
-  data.tar.gz: daa322824dc8a8c75a80213d37739b44e223a09647d73502c5b448b014629df1
+  metadata.gz: f96ad9d7f1439e815c23aebf272ff8ca0984dba7ec9775e22483d33a390e82b1
+  data.tar.gz: 0eba5185a5c6c23660b69acd7982b5982830a50e2dad726b09c1f89f93325780
 SHA512:
-  metadata.gz: 948f4793805ee19b20cd5da1fc1f9acff00c065829708bc9f1fb26e947917214e480b6ad8c86d955863dcb0e10a5413f335fa9270dcdf2c816f6ba0d4d2e12a6
-  data.tar.gz: 3a74b885cff6c12dcd179b6ee697d4e0da73f078f6dab6e3de8358e913ef0caa556ad104d05ff188eec848b3e804862fcb818e9da68cd7b0d64c59697347825b
+  metadata.gz: af3f529c576999c3f11371b0ea4ffaf59ad62f0500185a3b238026d41744251732f24d1123590f981d9eeb260188599358b626fd634d69f25a13aafe5cfbb694
+  data.tar.gz: d28a267db5871149c88a145aef192612d8f007826670ded888b5a96836593211431cf4d038e6fb314427ccefdc3dba7dd5b3439b14374f36a6d813dad201a0da

data/README.md CHANGED Viewed

@@ -45,6 +45,39 @@ File.readlink "/proc/self/ns/uts"   # => uts:[xxx]
 File.readlink "/proc/self/ns/mnt"   # => mnt:[yyy]
 ```
+HrrRbLxns.unshare supports creating persistent namespaces files by bind-mount. The files are specified in an options hash. The keys which are available in the hash for each namespace are `:mount`, `:uts`, `:ipc`, `:network`, `:pid`, `:user`, `:cgroup`, and `:time`.
+Note that files that namespaces are bind-mounted must exist. The library does just bind-mount, not create the files. And the files and their mount information are kept after the caller process is finished.
+When unsharing pid namespace, the namespace file should be bind-mounted against the caller's child process. For this case, `:fork` option is supported.
+```ruby
+File.readlink "/proc/self/ns/uts"            # => uts:[aaa]
+# Prepare an options hash to specify a file that namespaces are bind-mounted
+options = {:uts => "/path/to/myns/uts"}
+HrrRbLxns.unshare HrrRbLxns::NEWUTS, options # => 0
+File.readlink "/proc/self/ns/uts"            # => uts:[xxx]
+File.stat(options[:uts]).ino                 # => xxx
+# For mount namespace, the parent directory's propagation needs to be private
+FileUtils.mkdir "/path/to/myns"
+HrrRbMount.bind "/path/to/myns" "/path/to/myns"
+HrrRbMount.make_private "/path/to/myns"
+FileUtils.touch "/path/to/myns/mnt"
+options = {:mount => "/path/to/myns/mnt"}
+HrrRbLxns.unshare HrrRbLxns::NEWNS, options # => 0
+# For pid namespace, :fork option is available
+options = {:pid => "/path/to/myns/pid", :fork => true}
+# .unshare method with :fork option works like Kernel.#fork after unshare(2)
+if pid = HrrRbLxns.unshare HrrRbLxns::NEWPID, options
+  # In parent, .unshare returns the child process's PID (In this case, it is 1 because unsharing PID namespace)
+  # Do something
+  Process.waitpid pid
+else
+  # In child, .unshare returns nil
+  # Do something
+end
+```
 ### Setns
 HrrRbLxns.setns method wraps around setns(2) system call. The system call associate the caller process's namespace to an existing one, which is disassociated by some other process.

data/hrr_rb_lxns.gemspec CHANGED Viewed

@@ -21,4 +21,6 @@ Gem::Specification.new do |spec|
   end
   spec.require_paths = ["lib"]
   spec.extensions    = ["ext/hrr_rb_lxns/extconf.rb"]
+  spec.add_dependency "hrr_rb_mount", ">= 0.3.0"
 end

data/lib/hrr_rb_lxns/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module HrrRbLxns
-  VERSION = "0.1.1"
+  VERSION = "0.2.0"
 end

data/lib/hrr_rb_lxns.rb CHANGED Viewed

@@ -1,5 +1,6 @@
 require "hrr_rb_lxns/version"
 require "hrr_rb_lxns/hrr_rb_lxns"
+require "hrr_rb_mount"
 # Utilities working with Linux namespaces for CRuby.
 module HrrRbLxns
@@ -33,14 +34,29 @@ module HrrRbLxns
   #   "U" : NEWUSER <br>
   #   "C" : NEWCGROUP <br>
   #   "T" : NEWTIME <br>
-  # @param options [Hash] For future use.
-  # @return [Integer] 0.
+  # @param options [Hash] Optional arguments.
+  # @option options [String] :mount   A persistent mount namespace to be created by bind mount.
+  # @option options [String] :uts     A persistent uts namespace to be created by bind mount.
+  # @option options [String] :ipc     A persistent ipc namespace to be created by bind mount.
+  # @option options [String] :network A persistent network namespace to be created by bind mount.
+  # @option options [String] :pid     A persistent pid namespace to be created by bind mount.
+  # @option options [String] :user    A persistent user namespace to be created by bind mount.
+  # @option options [String] :cgroup  A persistent cgroup namespace to be created by bind mount.
+  # @option options [String] :time    A persistent time namespace to be created by bind mount.
+  # @option options [Boolean] :fork If specified, the caller process forks after unshare.
+  # @return [Integer, nil] Usually 0. If :fork is specified in options, then PID of the child process in parent, nil in child (as same as Kernel.#fork).
   # @raise [ArgumentError] When given flags argument is not appropriate.
   # @raise [Errno::EXXX] In case unshare(2) system call failed.
   def self.unshare flags, options={}
     _flags = interpret_flags flags
-    __unshare__ _flags
+    bind_ns_files_from_child(_flags, options) do
+      if fork? options
+        __unshare__ _flags
+        fork
+      else
+        __unshare__ _flags
+      end
+    end
   end
   # A wrapper around setns(2) system call.
@@ -120,6 +136,88 @@ module HrrRbLxns
     end
   end
+  def self.fork? options
+    options[:fork]
+  end
+  def self.bind_ns_files? options
+    list = Array.new
+    list.push :ipc     if const_defined?(:NEWIPC)
+    list.push :mount   if const_defined?(:NEWNS)
+    list.push :network if const_defined?(:NEWNET)
+    list.push :pid     if const_defined?(:NEWPID)
+    list.push :uts     if const_defined?(:NEWUTS)
+    list.push :user    if const_defined?(:NEWUSER)
+    list.push :cgroup  if const_defined?(:NEWCGROUP)
+    list.push :time    if const_defined?(:NEWTIME)
+    (list & options.keys).empty?.!
+  end
+  # In some cases, namespace files need to be created by an external process.
+  # Thus, this method calls fork and the child process creates the namespace files.
+  def self.bind_ns_files_from_child flags, options
+    if bind_ns_files? options
+      pid_to_bind = Process.pid
+      pid = nil
+      begin
+        io_r, io_w = IO.pipe
+        if pid = fork
+          ret = yield
+          io_w.write "1"
+          io_w.close
+          if pid_to_bind == Process.pid
+            _, status = Process.waitpid2 pid
+            raise Marshal.load(io_r.read) if status.exitstatus != 0
+          end
+          ret
+        else
+          begin
+            exit_status = true
+            io_r.read 1
+            bind_ns_files flags, options, pid_to_bind
+          rescue Exception => e
+            exit_status = false
+            io_w.write Marshal.dump(e)
+          ensure
+            exit! exit_status
+          end
+        end
+      ensure
+        io_w.write "1" rescue nil # just in case getting an error before io_w.write
+        io_w.close     rescue nil
+        io_r.close     rescue nil
+        if pid_to_bind == Process.pid
+          begin
+            Process.waitpid pid
+          rescue Errno::ECHILD
+          end
+        end
+      end
+    else
+      yield
+    end
+  end
+  def self.bind_ns_files flags, options, pid
+    list = Array.new
+    list.push ["ipc",    NEWIPC,    :ipc    ] if const_defined?(:NEWIPC)
+    list.push ["mnt",    NEWNS,     :mount  ] if const_defined?(:NEWNS)
+    list.push ["net",    NEWNET,    :network] if const_defined?(:NEWNET)
+    list.push ["pid",    NEWPID,    :pid    ] if const_defined?(:NEWPID)
+    if File.exist? "/proc/#{pid}/ns/pid_for_children"
+      list.last[0] = "pid_for_children"
+    end
+    list.push ["uts",    NEWUTS,    :uts    ] if const_defined?(:NEWUTS)
+    list.push ["user",   NEWUSER,   :user   ] if const_defined?(:NEWUSER)
+    list.push ["cgroup", NEWCGROUP, :cgroup ] if const_defined?(:NEWCGROUP)
+    list.push ["time",   NEWTIME,   :time   ] if const_defined?(:NEWTIME)
+    list.each do |name, flag, key|
+      if (flags & flag).zero?.! && options[key]
+        HrrRbMount.bind "/proc/#{pid}/ns/#{name}", options[key]
+      end
+    end
+  end
   def self.do_setns nstype_file_h
     nstype_file_h.each do |nstype, file|
       File.open(file, File::RDONLY) do |f|

metadata CHANGED Viewed

@@ -1,15 +1,29 @@
 --- !ruby/object:Gem::Specification
 name: hrr_rb_lxns
 version: !ruby/object:Gem::Version
-  version: 0.1.1
+  version: 0.2.0
 platform: ruby
 authors:
 - hirura
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-04-02 00:00:00.000000000 Z
-dependencies: []
+date: 2020-04-30 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: hrr_rb_mount
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.3.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.3.0
 description: Utilities working with Linux namespaces for CRuby.
 email:
 - hirura@gmail.com