Procszoo is a small Python module that gives you full power to manage your processes with Linux namespaces.
- Wiki
- Goals
- Resources
- Requirements
- Install
- Building
- Try It
- Getting Your Feet Wet with the procszoo Module
- Networks
- Docs
- Known Issues
- Exported Functions, Objects, and Helpful CLI
- Test Platforms
Procszoo aims to provide a simple but complete tool that you can use as a DSL or an embedded programming language to operate Linux namespaces from Python.
Procszoo provides a smart init program. I got it from baseimage-docker. Thanks a lot, you guys.
Procszoo does not require a recent version of Python (though Python 3 is supported, too) or of the Linux kernel.
- IRC channel: #procszoo on freenode.net
Procszoo only requires the Python standard library and the following packages:
# if you want Python 3, please install the python3 versions of the following packages
# on RHEL/CentOS >= 6
sudo yum -y install autoconf gcc make glibc-headers
sudo yum -y install python-devel python-setuptools
# Debian/Ubuntu
sudo apt-get -y install autoconf gcc make libc6-dev
sudo apt-get -y install python-dev python-setuptools
- You can install procszoo with setuptools
    git clone https://github.com/xning/procszoo.git
    cd procszoo && sudo ./setup.py install
- You can install procszoo with pip
    sudo pip install procszoo
If you don't want to install it, you can just clone it and build it with the following commands:
git clone https://github.com/xning/procszoo.git
cd procszoo && make
By default, the above commands build the program for your default Python version.
If you want to build it for another Python version, specify the desired Python interpreter through the PYTHON variable of the make command.
E.g., to build for Python 3:
make PYTHON=/usr/bin/python3
If you clone procszoo into your home directory on RHEL/CentOS/Scientific Linux/Fedora, note that the default mode of your home directory is 0400, which will cause trouble, so change it:
chmod go+rx ${HOME}
Now you can try it in an interactive shell as follows (we assume you have installed procszoo):
richard_parker -l # what namespaces are available?
richard_parker --available-c-functions # what C functions are available?
richard_parker # get an interactive shell
If your Linux kernel doesn't support "user" namespaces, e.g., RHEL6/CentOS6, RHEL7/CentOS7, you need superuser privileges:
sudo richard_parker
Now you can check what we have in the namespaces:
- programs get small PID numbers, e.g., 1, 2, etc., and there is only the lo device, and it is down
    ps -ef
    ifconfig -a
- open another terminal and run the following command in both; the namespace entries differ between the new namespaces and the original ones
    ls -l /proc/self/ns
- if the kernel supports "user" namespaces and has them enabled, we are also the superuser
    id
- if you have trouble with the above steps, please refer to Known Issues.
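An added example (not part of procszoo): a Python helper that performs the `ls -l /proc/self/ns` comparison from the steps above programmatically and reports which namespaces two processes share and which are isolated. The function names and the sample inode numbers are constructed for illustration.

```python
import os
import re

# Link targets under /proc/<pid>/ns look like "net:[4026531992]".
NS_LINK = re.compile(r"^(?P<kind>[a-z_]+):\[(?P<inode>\d+)\]$")
# Constructed sample: a host shell and a shell started with "sudo richard_parker"
# on a kernel without "user" namespaces enabled (inode numbers are made up).
HOST = {"ipc": 4026531839, "mnt": 4026531840, "net": 4026531956,
        "pid": 4026531836, "user": 4026531837, "uts": 4026531838}
SANDBOX = {"ipc": 4026532301, "mnt": 4026532299, "net": 4026532304,
           "pid": 4026532302, "user": 4026531837, "uts": 4026532300}


def parse_ns_link(target):
    """Return (kind, inode) for one readlink() result, or raise ValueError."""
    m = NS_LINK.match(target)
    if m is None:
        raise ValueError("not a namespace link: %r" % (target,))
    return m.group("kind"), int(m.group("inode"))


def read_namespaces(pid="self", proc="/proc"):
    """Map namespace entry name -> inode; unreadable entries are skipped."""
    ns_dir = os.path.join(proc, str(pid), "ns")
    result = {}
    try:
        entries = sorted(os.listdir(ns_dir))
    except OSError:          # no such process, or no permission
        return result
    for entry in entries:
        try:
            _, inode = parse_ns_link(os.readlink(os.path.join(ns_dir, entry)))
        except (OSError, ValueError):
            continue
        result[entry] = inode
    return result


def diff_namespaces(a, b):
    """Classify entries as shared, isolated, or visible on one side only."""
    shared = sorted(k for k in a if k in b and a[k] == b[k])
    isolated = sorted(k for k in a if k in b and a[k] != b[k])
    unknown = sorted(set(a) ^ set(b))
    return {"shared": shared, "isolated": isolated, "unknown": unknown}


if __name__ == "__main__":
    print(diff_namespaces(HOST, SANDBOX))
    print(diff_namespaces(read_namespaces("self"), read_namespaces(1)))
```

Two processes are in the same namespace exactly when the inode numbers match, so an entry listed under "isolated" confirms that the corresponding namespace was actually unshared.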
If you want to enable every namespace that your kernel supports:
from procszoo.c_functions import *

if __name__ == "__main__":
    # start an interactive shell in new namespaces
    spawn_namespaces()
If you need to run your own program instead of an interactive shell:
from procszoo.c_functions import *

if __name__ == "__main__":
    # path_to_your_program: the path of the program to run
    spawn_namespaces(nscmd=path_to_your_program)
Let's add networking to the new namespaces.
Because we will bind-mount the namespace entries, we have to run richard_parker as the superuser.
Besides the shell that richard_parker opens, we need another interactive shell to create veth devices and add them to the new "net" namespace.
- create a mount point
    mkdir /tmp/ns
- create namespaces
    sudo richard_parker --ns-bind-dir=/tmp/ns
- in richard_parker, configure the lo device
    ip link set lo up
- in a new terminal, remount /tmp/ns/net to /var/run/netns/net so that the ip command can operate on it
    [ -d /var/run/netns ] || sudo mkdir -p /var/run/netns
    sudo touch /var/run/netns/ns
    sudo mount --bind /tmp/ns/net /var/run/netns/ns
- in the new terminal, create two veth devices and move one of them into the new namespace
    sudo ip link add veth0 type veth peer name veth1
    sudo ip link set dev veth1 netns ns
- in the new terminal, configure the veth0 device
    sudo ip link set veth0 up
    sudo ip addr add 192.168.0.10/24 broadcast 192.168.0.255 dev veth0
- in richard_parker, configure veth1
    ip link set veth1 up
    ip addr add 192.168.0.11/24 broadcast 192.168.0.255 dev veth1
- let's say "hello" from the new terminal
    ping -c 3 192.168.0.11
- let's say "hello" from richard_parker
    ping -c 3 192.168.0.10
- os.execv complains "permission deny"
  If richard_parker fails to run on RHEL/CentOS/Fedora and you get error messages like the following
    os.execv(...)
    OSError: [Errno 13] Permission denied
  That's not a bug, please see the comment.
- "ip netns" failed on RHEL6/CentOS6 and gave error messages as follows
    Object "nets" is unknown, try "ip help".
  We need a newer iproute package; to get one, please refer to here
The procszoo.utils module exports the following functions and objects, and I don't think that you need to learn them all
- objects
  - workbench
  - SpawnNamespacesConfig
- key functions
  - spawn_namespaces
  - check_namespaces_available_status
- helpful functions
  - atfork
  - sched_getcpu
  - mount
  - umount
  - umount2
  - unshare
  - setns
  - gethostname
  - sethostname
  - getdomainname
  - setdomainname
  - pivot_root
  - to_unicode
  - to_bytes
  - adjust_namespaces
  - get_namespace
  - get_available_propagations
  - get_current_users_and_groups
  - getresuid
  - getresgid
  - setresuid
  - setresgid
  - show_namespaces_status
  - show_available_c_functions
  - cgroup_namespace_available
  - ipc_namespace_available
  - net_namespace_available
  - mount_namespace_available
  - pid_namespace_available
  - user_namespace_available
  - uts_namespace_available
  - unregister_fork_handlers
- Exceptions
  - CFunctionBaseException
  - CFunctionNotFound
  - NamespaceGenericException
  - UnknownNamespaceFound
  - UnavailableNamespaceFound
  - NamespaceSettingError
- Helpful CLI
  - richard_parker
  - mamaji
I test richard_parker and the scripts in tests/ on the following archs