gh-95023: added os.setns and os.unshare for namespaces switching on Linux

noamcohen97 · noamcohen97 · commit 0bdd8bcf6989 · 2022-07-20T17:07:14.000+03:00
diff --git a/Doc/library/os.rst b/Doc/library/os.rst
@@ -569,6 +569,15 @@ process and user.
       See the documentation for :func:`getgroups` for cases where it may not
       return the same group list set by calling setgroups().
 
+.. function:: setns(fd, flags=0)
+
+   Call the system call :c:func:`setns`. See the Linux manual for the semantics.
+   For flags see the ``CLONE_NEW*`` constants.
+
+   .. availability:: Linux 3.0 or newer.
+
+   .. versionadded:: 3.12
+
 .. function:: setpgrp()
 
    Call the system call :c:func:`setpgrp` or ``setpgrp(0, 0)`` depending on
@@ -732,6 +741,27 @@ process and user.
       The function is now always available and is also available on Windows.
 
 
+.. function:: unshare(flags)
+
+   Call the system call :c:func:`unshare`. See the Linux manual for the semantics.
+
+   .. availability:: Linux 2.6.16 or newer.
+
+   .. versionadded:: 3.12
+
+Parameters to the :func:`unshare` function, if the implementation supports them.
+
+.. data:: CLONE_FS
+          CLONE_FILES
+          CLONE_NEWNS
+          CLONE_NEWCGROUP
+          CLONE_NEWUTS
+          CLONE_NEWIPC
+          CLONE_NEWUSER
+          CLONE_NEWPID
+          CLONE_NEWNET
+          CLONE_NEWTIME
+
 .. _os-newstreams:
 
 File Object Creation
diff --git a/Lib/test/test_posix.py b/Lib/test/test_posix.py
@@ -2172,6 +2172,35 @@ def test_utime(self):
                 os.utime("path", dir_fd=0)
 
 
+class NamespacesTests(unittest.TestCase):
+    """Tests for os.unshare() and os.setns()."""
+
+    @unittest.skipUnless(hasattr(os, 'unshare'), 'needs os.unshare()')
+    @unittest.skipUnless(hasattr(os, 'setns'), 'needs os.setns()')
+    @unittest.skipUnless(hasattr(os, 'readlink'), 'needs os.readlink()')
+    @unittest.skipUnless(os.path.exists('/proc/self/ns/uts'), 'need /proc/self/ns/uts')
+    @support.requires_linux_version(3, 0, 0)
+    def test_unshare_setns(self):
+        original = os.readlink('/proc/self/ns/uts')
+        original_fd = os.open('/proc/self/ns/uts', os.O_RDONLY)
+        self.addCleanup(os.close, original_fd)
+
+        try:
+            os.unshare(os.CLONE_NEWUTS)
+        except OSError as e:
+            self.assertEqual(e.errno, errno.EPERM)
+            self.skipTest("unprivileged users cannot call unshare.")
+
+        current = os.readlink('/proc/self/ns/uts')
+        self.assertNotEqual(original, current)
+
+        self.assertRaises(OSError, os.setns, original_fd, os.CLONE_NEWNET)
+        os.setns(original_fd, os.CLONE_NEWUTS)
+
+        current = os.readlink('/proc/self/ns/uts')
+        self.assertEqual(original, current)
+
+
 def tearDownModule():
     support.reap_children()
 
diff --git a/Misc/NEWS.d/next/Core and Builtins/2022-07-20-09-04-55.gh-issue-95023.bs-xd7.rst b/Misc/NEWS.d/next/Core and Builtins/2022-07-20-09-04-55.gh-issue-95023.bs-xd7.rst
@@ -0,0 +1 @@
+Implement :func:`os.setns` and  :func:`os.unshare` for Linux. Patch by Noam Cohen
diff --git a/Modules/clinic/posixmodule.c.h b/Modules/clinic/posixmodule.c.h
diff --git a/Modules/posixmodule.c b/Modules/posixmodule.c
@@ -8588,6 +8588,61 @@ os_pidfd_open_impl(PyObject *module, pid_t pid, unsigned int flags)
 #endif
 
 
+#if defined(__linux__) && defined(HAVE_SETNS)
+/*[clinic input]
+os.setns
+  fd: fildes
+  nstype: int = 0
+
+Allows the calling thread to move into different namespaces.
+[clinic start generated code]*/
+
+static PyObject *
+os_setns_impl(PyObject *module, int fd, int nstype)
+/*[clinic end generated code: output=5dbd055bfb66ecd0 input=c097c9aa123c43ce]*/
+{
+    int res;
+
+    Py_BEGIN_ALLOW_THREADS
+    res = setns(fd, nstype);
+    Py_END_ALLOW_THREADS
+
+    if (res != 0) {
+        return posix_error();
+    }
+
+    Py_RETURN_NONE;
+}
+#endif
+
+
+#if defined(__linux__) && defined(HAVE_UNSHARE)
+/*[clinic input]
+os.unshare
+  flags: int
+
+Allows a process (or thread) to disassociate parts of its execution context.
+[clinic start generated code]*/
+
+static PyObject *
+os_unshare_impl(PyObject *module, int flags)
+/*[clinic end generated code: output=1b3177906dd237ee input=f8d7bd2c69325537]*/
+{
+    int res;
+
+    Py_BEGIN_ALLOW_THREADS
+    res = unshare(flags);
+    Py_END_ALLOW_THREADS
+
+    if (res != 0) {
+        return posix_error();
+    }
+    
+    Py_RETURN_NONE;
+}
+#endif
+
+
 #if defined(HAVE_READLINK) || defined(MS_WINDOWS)
 /*[clinic input]
 os.readlink
@@ -14930,6 +14985,8 @@ static PyMethodDef posix_methods[] = {
     OS__ADD_DLL_DIRECTORY_METHODDEF
     OS__REMOVE_DLL_DIRECTORY_METHODDEF
     OS_WAITSTATUS_TO_EXITCODE_METHODDEF
+    OS_SETNS_METHODDEF
+    OS_UNSHARE_METHODDEF
     {NULL,              NULL}            /* Sentinel */
 };
 
@@ -15375,6 +15432,41 @@ all_ins(PyObject *m)
 #ifdef SCHED_FX
     if (PyModule_AddIntConstant(m, "SCHED_FX", SCHED_FSS)) return -1;
 #endif
+
+/* constants for namespaces */
+#if defined(__linux__) && (defined(HAVE_SETNS) || defined(HAVE_UNSHARE))
+#ifdef CLONE_FS
+    if (PyModule_AddIntMacro(m, CLONE_FS)) return -1;
+#endif
+#ifdef CLONE_FILES
+    if (PyModule_AddIntMacro(m, CLONE_FILES)) return -1;
+#endif
+#ifdef CLONE_NEWNS
+    if (PyModule_AddIntMacro(m, CLONE_NEWNS)) return -1;
+#endif
+#ifdef CLONE_NEWCGROUP
+    if (PyModule_AddIntMacro(m, CLONE_NEWCGROUP)) return -1;
+#endif
+#ifdef CLONE_NEWUTS
+    if (PyModule_AddIntMacro(m, CLONE_NEWUTS)) return -1;
+#endif
+#ifdef CLONE_NEWIPC
+    if (PyModule_AddIntMacro(m, CLONE_NEWIPC)) return -1;
+#endif
+#ifdef CLONE_NEWUSER
+    if (PyModule_AddIntMacro(m, CLONE_NEWUSER)) return -1;
+#endif
+#ifdef CLONE_NEWPID
+    if (PyModule_AddIntMacro(m, CLONE_NEWPID)) return -1;
+#endif
+#ifdef CLONE_NEWNET
+    if (PyModule_AddIntMacro(m, CLONE_NEWNET)) return -1;
+#endif
+#ifdef CLONE_NEWTIME
+    if (PyModule_AddIntMacro(m, CLONE_NEWTIME)) return -1;
+#endif
+#endif
+
 #endif
 
 #ifdef USE_XATTRS
diff --git a/configure b/configure
diff --git a/configure.ac b/configure.ac
@@ -4937,6 +4937,9 @@ AC_CHECK_FUNCS(setpgrp,
     [])
 )
 
+# check for namespace functions
+AC_CHECK_FUNCS(setns unshare)
+
 dnl We search for both crypt and crypt_r as one or the other may be defined
 dnl libxcrypt provides <crypt.h> and libcrypt with crypt_r() since
 dnl at least 3.1.1 from 2015.
diff --git a/pyconfig.h.in b/pyconfig.h.in
@@ -1019,6 +1019,9 @@
 /* Define to 1 if you have the `setlocale' function. */
 #undef HAVE_SETLOCALE
 
+/* Define to 1 if you have the `setns' function. */
+#undef HAVE_SETNS
+
 /* Define to 1 if you have the `setpgid' function. */
 #undef HAVE_SETPGID
 
@@ -1383,6 +1386,9 @@
 /* Define to 1 if you have the `unlinkat' function. */
 #undef HAVE_UNLINKAT
 
+/* Define to 1 if you have the `unshare' function. */
+#undef HAVE_UNSHARE
+
 /* Define if you have a useable wchar_t type defined in wchar.h; useable means
    wchar_t must be an unsigned type with at least 16 bits. (see
    Include/unicodeobject.h). */

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	+Implement :func:`os.setns` and :func:`os.unshare` for Linux. Patch by Noam Cohen
Original file line number	Diff line number	Diff line change
`@@ -4937,6 +4937,9 @@ AC_CHECK_FUNCS(setpgrp,`
`4937`	`4937`	`[])`
`4938`	`4938`	`)`
`4939`	`4939`
	`4940`	`+# check for namespace functions`
	`4941`	`+AC_CHECK_FUNCS(setns unshare)`
	`4942`	`+`
`4940`	`4943`	`dnl We search for both crypt and crypt_r as one or the other may be defined`
`4941`	`4944`	`dnl libxcrypt provides <crypt.h> and libcrypt with crypt_r() since`
`4942`	`4945`	`dnl at least 3.1.1 from 2015.`