Procszoo is a small Python module that gives you full power to manage your processes with Linux namespaces.
- wiki
- Goals
- Resources
- Requirements
- Install
- Building
- Try It
- Getting Your Feet Wet with the procszoo Module
- Networks
- Docs
- Known Issues
- Exported Functions, Objects, and Helpful CLI
- Test Platforms
Procszoo aims to provide a simple but complete tool; you can use it as a DSL or as an embedded programming language that lets you operate Linux namespaces from Python.
Procszoo provides a smart init program. I got it from baseimage-docker. Thanks a lot, you guys.
Procszoo does not require a recent version of Python (though Python 3 is supported, too) or of the Linux kernel.
- IRC channel: #procszoo on freenode.net
Procszoo only requires the Python standard library and the following packages:
# if you want python3, please install the python3 versions of the following packages
# on RHEL/CentOS >= 6
sudo yum -y install autoconf gcc make glibc-headers
sudo yum -y install python-devel python-setuptools
# Debian/Ubuntu
sudo apt-get -y install autoconf gcc make libc6-dev
sudo apt-get -y install python-dev python-setuptools
- You can install procszoo with setuptools
git clone https://github.com/xning/procszoo.git
cd procszoo && sudo ./setup.py install
- You can install procszoo with pip
sudo pip install procszoo
If you don't want to install it, you can just clone it and build it as follows to try it:
git clone https://github.com/xning/procszoo.git
cd procszoo && make
By default, the above command builds the program for your default Python version.
If you want to build for another Python version, specify your desired Python interpreter through the PYTHON variable of the make command.
E.g., to build for Python 3:
make PYTHON=/usr/bin/python3
If you clone procszoo into your home directory on RHEL/CentOS/Scientific Linux/Fedora, the default mode of your home directory is 0400, which will cause trouble. Change it so that group and other users can read and traverse the directory:
chmod go+rx ${HOME}
Now you can try it in an interactive shell as follows (assuming you have installed procszoo):
richard_parker -l # what namespaces are available?
richard_parker --available-c-functions # what C functions are available?
richard_parker # get an interactive shell
If your Linux kernel doesn't support "user" namespaces, e.g., on RHEL6/CentOS6 or RHEL7/CentOS7, you need superuser privileges:
sudo richard_parker
Now you can check that we are inside the namespaces:
- programs get small PIDs, e.g., 1, 2, etc., and there is only the lo device, and it is down
ps -ef
ifconfig -a
- open another terminal; there we can see that the namespace entries are different from the ones in our namespaces
ls -l /proc/self/ns
- if the kernel supports and enables "user" namespaces, we are superuser now
id
- if you have trouble with the above steps, please refer to Known Issues.
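The checks in the list above can also be scripted from /proc alone. This added example (not part of procszoo; every function name is hypothetical) compares the /proc/<pid>/ns links of two processes and also reads uid_map, which goes slightly beyond the page to show that UID 0 inside a "user" namespace corresponds to an ordinary UID outside it.

```python
import os
import re
import sys

NS_LINK = re.compile(r"^(\w+):\[(\d+)\]$")  # e.g. "net:[4026531992]"


def read_namespaces(pid="self", proc="/proc"):
    """Return {entry: inode} for the symlinks under <proc>/<pid>/ns."""
    ns_dir = os.path.join(proc, str(pid), "ns")
    found = {}
    for entry in sorted(os.listdir(ns_dir)):
        try:
            target = os.readlink(os.path.join(ns_dir, entry))
        except OSError:
            continue  # not permitted, or the process exited mid-scan
        match = NS_LINK.match(target)
        if match:
            found[entry] = int(match.group(2))
    return found


def isolated_namespaces(ours, theirs):
    """Entries present on both sides whose namespace inodes differ."""
    return sorted(n for n in ours if n in theirs and ours[n] != theirs[n])


def read_uid_map(pid="self", proc="/proc"):
    """Parse uid_map into (inside_start, outside_start, count) tuples."""
    with open(os.path.join(proc, str(pid), "uid_map")) as handle:
        return [tuple(int(f) for f in ln.split()) for ln in handle if ln.strip()]


def outside_uid(inside, uid_map):
    """Translate a UID inside the namespace to the UID the reader sees outside it."""
    for start_in, start_out, count in uid_map:
        if start_in <= inside < start_in + count:
            return start_out + (inside - start_in)
    return None  # unmapped in this namespace


if __name__ == "__main__":
    # Usage (file name is hypothetical): python ns_check.py <pid of the richard_parker shell>
    other = sys.argv[1] if len(sys.argv) > 1 else "self"
    diff = isolated_namespaces(read_namespaces(), read_namespaces(other))
    print("namespaces that differ from ours:", diff)
    print("uid 0 in pid", other, "is uid", outside_uid(0, read_uid_map(other)), "outside")
```

Run it from the second terminal with the PID of the shell that richard_parker opened; reading another user's ns links requires privileges, and unreadable entries are skipped.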
If you want to enable every namespace that your kernel supports:
from procszoo.c_functions import *
if __name__ == "__main__":
    # enable every supported namespace and open an interactive shell
    spawn_namespaces()
If you need to run your own program instead of an interactive shell:
from procszoo.c_functions import *
if __name__ == "__main__":
    # path_to_your_program is a placeholder: set it to the path of your program
    spawn_namespaces(nscmd=path_to_your_program)
Let's add networking to the new namespaces.
Because we will mount the namespace entries with the bind flag, we need to run richard_parker as the superuser.
Besides the shell that richard_parker opens, we need another interactive shell to create the veth devices and add them to the new "net" namespace.
- create a mount point
mkdir /tmp/ns
- create the namespaces
sudo richard_parker --ns-bind-dir=/tmp/ns
- in richard_parker, configure the lo device
ip link set lo up
- in a new terminal, bind-mount /tmp/ns/net under /var/run/netns so that the ip command can operate on it
[ -d /var/run/netns ] || sudo mkdir -p /var/run/netns
sudo touch /var/run/netns/ns
sudo mount --bind /tmp/ns/net /var/run/netns/ns
- in the new terminal, create two devices and move one of them into the new namespace
sudo ip link add veth0 type veth peer name veth1
sudo ip link set dev veth1 netns ns
- in the new terminal, configure the veth0 device
sudo ip link set veth0 up
sudo ip addr add 192.168.0.10/24 broadcast 192.168.0.255 dev veth0
- in richard_parker, configure veth1
ip link set veth1 up
ip addr add 192.168.0.11/24 broadcast 192.168.0.255 dev veth1
- let's say "hello" from the new terminal
ping -c 3 192.168.0.11
- let's say "hello" from richard_parker
ping -c 3 192.168.0.10
- os.execv complains "permission denied"
If running richard_parker fails on RHEL/CentOS/Fedora with an error message like this
os.execv(...) OSError: [Errno 13] Permission denied
that's not a bug; please see the comment.
- "ip netns" fails on RHEL6/CentOS6 and gives the following error message
Object "nets" is unknown, try "ip help".
We need a newer iproute package; to get one, please refer here
The procszoo.utils module exports the following functions and objects; I don't think you need to learn them all.
- objects
  - workbench
- key functions
  - spawn_namespaces
  - check_namespaces_available_status
- helpful functions
  - atfork
  - sched_getcpu
  - mount
  - umount
  - umount2
  - unshare
  - setns
  - gethostname
  - sethostname
  - getdomainname
  - setdomainname
  - pivot_root
  - to_unicode
  - to_bytes
  - adjust_namespaces
  - get_namespace
  - get_available_propagations
  - get_uid_from_name_or_uid
  - get_gid_from_name_or_gid
  - get_uid_by_name
  - get_gid_by_name
  - get_name_by_uid
  - get_name_by_gid
  - get_current_users_and_groups
  - getresuid
  - getresgid
  - setresuid
  - setresgid
  - show_namespaces_status
  - show_available_c_functions
  - cgroup_namespace_available
  - ipc_namespace_available
  - net_namespace_available
  - mount_namespace_available
  - pid_namespace_available
  - user_namespace_available
  - uts_namespace_available
  - unregister_fork_handlers
- Exceptions
  - CFunctionBaseException
  - CFunctionNotFound
  - NamespaceGenericException
  - UnknownNamespaceFound
  - UnavailableNamespaceFound
  - NamespaceSettingError
- Helpful CLI
  - richard_parker
  - mamaji
I test richard_parker and the scripts in tests/ on the following archs