| Commit message (Collapse) | Author | Age | Files | Lines |
|\
| |
| | |
Patch for : No section: 'formatters'
|
| |
| |
| |
| | |
Config file was missing from staged files
|
|\ \
| |/
| | |
Rebasing bubblewrap branch with master.
|
| |
| |
| |
| |
| |
| |
| |
| | |
Previously executor_for_platform() would select linux-user-chroot
if availble. New behaviour is to look for bubblewrap first, then
linux-user-chroot, else falling back to chroot. To support this, a
generic 'get_program()' function was added to both bubblewrap.py
and linux_user_chroot.py for interfacing.
|
| |
| |
| |
| |
| | |
Adds in support for the bubblewrap sandbox. Comes with a logger that
logs both to stdout (WARN or higher) and to a log file (everything)
|
|\ \
| |/
| | |
Tiagogomes/unit test fixes
|
| |
| |
| |
| | |
Also fix a small error detected by the new tests.
|
| |
| |
| |
| | |
This module is not included in Python 3.
|
| |
| |
| |
| |
| |
| | |
Change some tests to pass if they are run as non-root. The
linux-user-chroot tool seems to require that the absolute location of
the binary to execute in the sandbox is given if called as non-root.
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
- Fix missing source argument in the 'mount' command.
- Add missing datapath assigment to ensure that file is created in
the expected location.
- Remove unnecessary extra_mounts that were causing the test files
in /data to not be accessible inside the sandbox as that directory
was being overlapped with a mount bind.
Also, mention that the C library static libraries are required to be
installed for running the tests.
|
|/ |
|
|\
| |
| | |
Correcting a broken test
|
|/
|
|
|
|
|
|
| |
FILE_OR_DIRECTORY_EXISTS_TEST_PROGRAM previously fetched args[0]
instead of args[1]. Program now checks the correct file when
inside of the sandbox.
Added in a simple .gitignore
|
| |
|
|\
| |
| | |
Fixed a minor bug where root logger is used instead of a named 'sandb…
|
|/
|
|
| |
If the root logger is used instead of a named 'sandboxlib' logger. This causes potential issues for 3rd party tools using this library
|
|\
| |
| | |
Issue 19 and 17: Awful hack to ensure string-escape is loaded
|
|/
|
|
|
|
|
| |
This hack ensures that when propagating an exception back from
the child process in a chroot, the required string-escape python
module is already in memory and no attempt to lazy load it in the
chroot is made.
|
|\
| |
| | |
Propagate child process traceback from chroot process.
|
|/
|
|
|
|
|
| |
Without propagating the traceback for the child, issues
such as the following become near impossible to diagnose:
https://github.com/devcurmudgeon/ybd/issues/224
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
| |
It looks like a pretty useful sandboxing tool, with more momentum
than linux-user-chroot.
|
|\
| |
| | |
Mount more flexibility
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The mount operation is overloaded to also remount to change flags.
This does not result in a new mount,
so unmounting it is the wrong thing to do in this case.
For now, we assume that we're modifying a mount we created earlier,
so we can just avoid unmounting when we remount,
rather than having to determine how to reverse the changing of flags.
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
You can't create a bind-mount as read-only,
you can only bind-mount then remount it as read-only.
So a sandboxlib user might opt to say it wants to bind something in,
then make it read-only, as two separate extra mounts.
We can't do this directly with linux-user-chroot,
as we are restricted to bind-mounts and making a subtree read-only,
but making a subtree read-only is close enough.
|
|/
|
|
|
|
| |
It's more natural to not pass -t when bind-mounting,
to not pass -o when no options are required,
and to not pass the source path when remounting.
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
| |
This fixes a crash if the command fails, because we would try to decode
'err' but it would be None because output was not being captured.
|
|
|
|
|
|
| |
I thought that a typeerror was causing a crash in YBD, but realised
it was something else. This commit should still be an improvement,
though.
|
|
|
|
|
|
|
| |
This fixes https://github.com/CodethinkLabs/sandboxlib/issues/6
where passing a relative path for 'cwd' caused an error. I had assumed
that os.chroot() reset the current working directory itself, since
the `chroot` program does, but apparently not.
|
|
|
|
| |
This fixes https://github.com/CodethinkLabs/sandboxlib/issues/3
|
|
|
|
|
| |
This should have no effect on behaviour, but makes things slightly more
predictable.
|
|
|
|
| |
The `unshare` and `mount` commands are no longer needed.
|
| |
|
| |
|
| |
|
| |
|
|\ |
|
| | |
|
| | |
|
| | |
|