
Container in linux, linux in egg, egg in python


Hello, {{username}}

I do DevOps and really love Linux. With such a combination, I simply could not help loving LinuX Containers (especially since BSD and Solaris have long pleased their users with similar capabilities).
Naturally, business also saw an attractive opportunity, and container management programs began to grow and multiply: docker, rocket, vagga, lxc, systemd-nspawn, etc.

Docker became the de facto standard primarily due to the content creation and delivery system. But the main docker daemon runs as root, and, in my opinion, this is a minus of this project (Proof).

Rocket and vagga went the other way, and this path is called unprivileged containers. You no longer need root privileges to run a process in new namespaces, and this opens up interesting prospects for building test sites and a safe environment.

But all these projects have one fatal flaw: they are all written in C, Go, and Rust, and I love Python and cannot participate in their development. You must agree, it's a pity to miss all the fun.

So, under the cut, you will find a library for running processes in new Linux user namespaces:

Pyspaces


Baby you just space

Goals

Now there is no convenient way to work with linux namespaces from python:

I want to change this: I want to create native python bindings to the glibc library with an interface like in multiprocessing.Process. And a few more goals:

PS: just look at python-nsenter - it looks great!

Example

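    import os
    from pyspaces import Container


    def execute(argv):
        # Replace the child process image with the requested command.
        os.execvp(argv[0], argv)


    # Mount a fresh /proc so that ps only sees the new PID namespace.
    cmd = "mount -t proc proc /proc; ps ax"
    c = Container(target=execute, args=(('bash', '-c', cmd),),
                  # "<uid inside> <uid outside> <count>": uid 0 inside is uid 1000 outside
                  uid_map='0 1000 1',
                  newpid=True, newuser=True, newns=True
                  )
    c.start()
    print("PID of child created by clone() is %ld\n" % c.pid)
    c.join()
    print("Child returned: pid %s, status %s" % (c.pid, c.exitcode))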

    PID of child created by clone() is 15978
      PID TTY      STAT   TIME COMMAND
        1 pts/19   S+     0:00 bash -c mount -t proc proc /proc; ps ax
        3 pts/19   R+     0:00 ps ax
    Child returned: pid 15978, status 0
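What the uid_map='0 1000 1' argument above means for privileges, as an added example that is not part of pyspaces: it parses the map format described in user_namespaces(7), translates an in-container uid to the host uid, and checks whether an unprivileged process would be allowed to write the map. The names Extent, parse_uid_map, to_host and writable_unprivileged are hypothetical helpers introduced for illustration.

```python
# Added example (not pyspaces code): interpret a uid_map string.
# Line format per user_namespaces(7): "<first ID inside> <first ID outside> <count>"
from typing import List, NamedTuple, Optional


class Extent(NamedTuple):
    inside: int   # first ID as seen inside the new user namespace
    outside: int  # first ID in the parent (host) namespace
    count: int    # number of consecutive IDs covered


def _overlap(a_start: int, a_len: int, b_start: int, b_len: int) -> bool:
    return a_start < b_start + b_len and b_start < a_start + a_len


def parse_uid_map(text: str) -> List[Extent]:
    """Parse uid_map text; reject malformed or overlapping lines, as the kernel does."""
    extents: List[Extent] = []
    for line in text.strip().splitlines():
        fields = line.split()
        if len(fields) != 3:
            raise ValueError("expected 3 fields: %r" % line)
        ext = Extent(*map(int, fields))
        if ext.count <= 0 or ext.inside < 0 or ext.outside < 0:
            raise ValueError("bad extent: %r" % line)
        for o in extents:
            if (_overlap(ext.inside, ext.count, o.inside, o.count)
                    or _overlap(ext.outside, ext.count, o.outside, o.count)):
                raise ValueError("overlapping extent: %r" % line)
        extents.append(ext)
    return extents


def to_host(extents: List[Extent], uid: int) -> Optional[int]:
    """Host uid behind an in-namespace uid, or None if unmapped
    (unmapped IDs show up as the overflow uid, 65534 by default)."""
    for e in extents:
        if e.inside <= uid < e.inside + e.count:
            return e.outside + (uid - e.inside)
    return None


def writable_unprivileged(extents: List[Extent], euid: int) -> bool:
    """A writer without CAP_SETUID in the parent namespace may only write
    a single line that maps exactly its own effective uid."""
    return len(extents) == 1 and extents[0].count == 1 and extents[0].outside == euid
```

With '0 1000 1', root inside the container is only uid 1000 on the host, and every other in-container uid is unmapped; a wider map such as '0 100000 65536' needs a privileged helper to write it.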

CLI

    space -v execute --pid --fs --user --uid '0 1000 1' bash -c 'mount -t proc proc /proc; ps ax'
    space chroot --pid --uid '0 1000 1' ~/.local/share/lxc/ubuntu/rootfs/ /bin/ls /home/

Todo

  1. [x] clone & Container
  2. [x] CLI
  3. [x] chroot
  4. [] process list
  5. [] inject
  6. [] move CLI to separate package
  7. [] addons
  8. [] support for lxc, vagga, rocket, docker, etc ...
  9. [] ...
  10. [] one tool to rule them all!!1

Links

github pypi docs

License - MIT, but also going to add BSD and Apache 2.0

It's not the end

There is a lot of work to be done: we need proper tests, documentation, new features and a pleasant CLI. My putting the announcement on the back burner was interrupted by the guys from Minsk Python Meetup, for which many thanks to them. Now I hope for community support and interest ;)

And in conclusion, I would like to quote the creator of scipy & numpy:
Keys to success: Hard work - specially up front
Often lonely - not yours. Others need some 'proof' before they join you.
It will be you.

I spent 18 months not publishing papers to write NumPy
(despite many people telling me it was foolish)
Travis Oliphant

PS: you can chat live with me on the topic and not only at the next Minsk Python Meetup

Source: https://habr.com/ru/post/256647/

