4 #include <asm/unistd.h>
8 #include <linux/capability.h>
/*
 * drop_caps: remove a fixed list of six capabilities from the calling
 * thread's capability bounding set with prctl(PR_CAPBSET_DROP), and report
 * the outcome to Python as an int.
 *
 * Returns the Python int 0 when every prctl() call succeeds. The visible
 * failure path (prctl() == -1) returns the Python int 2. `args` is not
 * parsed in the lines shown here.
 *
 * Security notes for callers:
 *  - PR_CAPBSET_DROP only shrinks the bounding set (see capabilities(7)). It
 *    does not clear capabilities already held in the thread's permitted or
 *    effective sets, and it needs CAP_SETPCAP to succeed.
 *  - This is a denylist: any capability not named in to_drop stays in the
 *    bounding set. Review the list against the container's threat model.
 *  - The loop stops at the first failure, so capabilities later in the list
 *    are left untouched. Treat any non-zero result as fatal.
 *
 * NOTE(review): this listing omits some original lines (the embedded
 * numbering skips), including the one between the prctl() check and the
 * `return ... 2`, so any logging or errno handling there cannot be seen.
 */
11 drop_caps(PyObject *self, PyObject *args)
/* 128 slots, but only six are initialised. The remaining entries are 0,
 * which is the numeric value of CAP_CHOWN in <linux/capability.h>. */
13 unsigned int to_drop[128]
14 = {CAP_NET_ADMIN, CAP_SYS_ADMIN, CAP_SYS_BOOT,
15 CAP_MKNOD, CAP_MAC_ADMIN, CAP_SYS_MODULE};
/* The bound 6 is hard-coded to the number of initialisers above; keep the
 * two in sync when the list changes, or new entries will be skipped. */
17 for (i = 0; i<6 ; i++) {
18 if (prctl(PR_CAPBSET_DROP, to_drop[i], 0, 0, 0) == -1) {
/* Failure: stop here and report 2; errno is not passed back to Python. */
20 return Py_BuildValue("i", 2);
/* Every drop succeeded. */
23 return Py_BuildValue("i", 0);
/*
 * proc_mount: mount a procfs instance on /proc and return the raw mount(2)
 * result (0 on success, -1 on failure) as a Python int.
 *
 * `args` is not parsed in the lines shown. errno is not surfaced, so the
 * Python caller cannot tell why a mount failed.
 *
 * Security note: the mount flags argument is 0, so MS_NOSUID, MS_NODEV and
 * MS_NOEXEC are not set on this mount.
 * NOTE(review): the mount lands in whatever mount namespace the calling
 * process is in at the time; presumably this is called after switching into
 * the container - confirm against the caller.
 */
27 proc_mount(PyObject *self, PyObject *args)
/* source "none", target "/proc", fstype "proc", flags 0, no data string */
30 sts = mount("none","/proc","proc",0,NULL);
32 return Py_BuildValue("i", sts);
/*
 * proc_umount: unmount /proc and return the raw umount(2) result (0 on
 * success, -1 on failure) as a Python int.
 *
 * `args` is not parsed in the lines shown, and errno is not passed back.
 * The unmount applies to the calling process's current mount namespace.
 */
36 proc_umount(PyObject *self, PyObject *args)
39 sts = umount("/proc");
41 return Py_BuildValue("i", sts);
/*
 * chfscontext: take one string argument (a file path), open it read-only,
 * and return an int status to Python.
 *
 * NOTE(review): original lines 54-65, between open() and the return, are
 * not shown in this listing. Given the module name (setns) and the
 * method-table description ("Switch into an lxc container."), fd is
 * presumably passed to setns(2) - confirm. The visible lines do not show how
 * this differs from chcontext.
 *
 * Security notes:
 *  - filepath comes straight from the Python caller; no validation of the
 *    path is visible here. Whoever can call this chooses which file is
 *    opened.
 *  - open() is called without O_CLOEXEC. Whether fd is checked for -1 and
 *    closed afterwards cannot be seen here - verify both, otherwise the
 *    descriptor can leak into processes exec'd later.
 */
45 chfscontext(PyObject *self, PyObject *args)
/* "s" expects exactly one str argument; the failure branch is elided. */
50 if (!PyArg_ParseTuple(args, "s", &filepath))
53 int fd = open(filepath, O_RDONLY);
/* sts is assigned in the elided lines. */
66 return Py_BuildValue("i", sts);
/*
 * chcontext: take one string argument (a file path), open it read-only,
 * and return an int status to Python.
 *
 * NOTE(review): original lines 79-90, between open() and the return, are
 * not shown in this listing. Given the module name (setns) and the
 * method-table description ("Switch into an lxc container."), fd is
 * presumably passed to setns(2) - confirm. The visible lines are the same
 * as chfscontext's, so the difference between the two lies in the elided
 * part.
 *
 * Security notes:
 *  - filepath comes straight from the Python caller; no validation of the
 *    path is visible here.
 *  - open() is called without O_CLOEXEC. Whether fd is checked for -1 and
 *    closed afterwards cannot be seen here - verify both.
 */
70 chcontext(PyObject *self, PyObject *args)
/* "s" expects exactly one str argument; the failure branch is elided. */
75 if (!PyArg_ParseTuple(args, "s", &filepath))
78 int fd = open(filepath, O_RDONLY);
/* sts is assigned in the elided lines. */
91 return Py_BuildValue("i", sts);
/*
 * Method table exported to Python. Every entry is registered METH_VARARGS
 * and maps a Python-visible name to the C function of the same name.
 *
 * Notes on the docstrings, which are what help() shows to callers:
 *  - proc_mount / proc_umount say "a volume", but the functions act only on
 *    the fixed path /proc.
 *  - chcontext and chfscontext carry the same description, so the docstring
 *    does not tell the two apart.
 *  - drop_caps drops a fixed list of six capabilities from the bounding set,
 *    not every capability that could be considered dangerous.
 */
94 static PyMethodDef SetnsMethods[] =
96 {"proc_mount", proc_mount, METH_VARARGS, "Mount a volume via the mount system call."},
97 {"proc_umount", proc_umount, METH_VARARGS, "Umount a volume via the umount system call."},
98 {"chcontext", chcontext, METH_VARARGS, "Switch into an lxc container."},
99 {"drop_caps", drop_caps, METH_VARARGS, "Drop dangerous capabilities."},
100 {"chfscontext", chfscontext, METH_VARARGS, "Switch into an lxc container."},
/* Sentinel entry that terminates the table. */
101 {NULL, NULL, 0, NULL}
/*
 * Module definition handed to PyModule_Create() in PyInit_setns.
 * NOTE(review): original line 106 and the fields after line 107 are not
 * shown in this listing. From its position the URL string appears to sit in
 * the module docstring slot (m_doc) - confirm against the full file.
 */
104 static struct PyModuleDef moduledef = {
105 PyModuleDef_HEAD_INIT,
107 "http://git.onelab.eu/?p=lxc-userspace.git;a=summary",
116 PyObject *PyInit_setns(void){
117 PyObject *module = PyModule_Create(&moduledef);