4 #include <asm/unistd.h>
8 #include <linux/capability.h>
/*
 * drop_caps: Python-callable wrapper that removes a fixed list of
 * capabilities from the capability bounding set with
 * prctl(PR_CAPBSET_DROP). The visible returns are Python int 2 after a
 * failed prctl() and Python int 0 at the end.
 * Only part of the body appears in this excerpt; the loop header and the
 * lines between the ones shown are not visible.
 *
 * NOTE(review): PR_CAPBSET_DROP only shrinks the bounding set. It does not
 * clear these capabilities from the caller's current permitted/effective
 * sets; the limit applies to what can be gained across execve(). Confirm
 * the caller execs afterwards or also drops them with capset().
 * NOTE(review): this is a deny-list. Any capability not named here stays in
 * the bounding set; an allow-list of what the container actually needs
 * fails closed when the kernel adds new capabilities.
 */
11 drop_caps(PyObject *self, PyObject *args)
/*
 * Six entries are initialised; the other 122 slots are zero, which is the
 * numeric value of CAP_CHOWN.
 * NOTE(review): the loop bound is not visible here -- confirm it stops at
 * the initialised entries rather than walking all 128 slots.
 */
13 unsigned int to_drop[128] = {CAP_NET_ADMIN,CAP_SYS_ADMIN,CAP_SYS_BOOT,CAP_MKNOD,CAP_MAC_ADMIN,CAP_SYS_MODULE};
/* prctl() returns -1 on failure (e.g. EPERM without CAP_SETPCAP, EINVAL for an unknown capability). */
16 if (prctl(PR_CAPBSET_DROP, to_drop[i], 0, 0, 0) == -1) {
/*
 * Appears to be the failure path: the caller gets 2 as an ordinary return
 * value, not a Python exception, so it must check the result or it will
 * continue with the capability still in the bounding set.
 */
18 return Py_BuildValue("i", 2);
/* Success path: 0. */
21 return Py_BuildValue("i", 0);
/*
 * proc_mount: Python-callable wrapper that mounts a procfs instance on
 * /proc and returns the raw mount(2) result as a Python int (0 on success,
 * -1 on failure). errno is not passed back in the lines shown.
 * Only part of the body appears in this excerpt.
 */
25 proc_mount(PyObject *self, PyObject *args)
/*
 * mountflags is 0, so MS_NOSUID, MS_NODEV and MS_NOEXEC are not set.
 * NOTE(review): procfs is conventionally mounted with those three flags;
 * consider passing them.
 * NOTE(review): the mount lands in whatever mount namespace the caller is in
 * at this point -- confirm it is only called after entering the container's
 * mount namespace, otherwise it stacks a mount over the host's /proc.
 */
28 sts = mount("none","/proc","proc",0,NULL);
/* Failure is reported as -1, not as a Python exception; callers must check it. */
30 return Py_BuildValue("i", sts);
/*
 * proc_umount: Python-callable wrapper that unmounts /proc and returns the
 * raw umount(2) result as a Python int (0 on success, -1 on failure).
 * Only part of the body appears in this excerpt.
 */
34 proc_umount(PyObject *self, PyObject *args)
/*
 * NOTE(review): like the mount call, this acts on the caller's current mount
 * namespace; confirm it cannot run against the host's /proc.
 */
37 sts = umount("/proc");
/* Failure is reported as -1 with no errno detail; callers must check it. */
39 return Py_BuildValue("i", sts);
/*
 * chfscontext: Python-callable function taking one string argument (a file
 * path), opening it read-only and returning an int status.
 * Lines 52-63 of the original are not part of this excerpt, so what is done
 * with the descriptor is not visible; presumably it is handed to setns(),
 * going by the module name -- TODO confirm.
 */
43 chfscontext(PyObject *self, PyObject *args)
/* "s" format: a single str argument, stored in filepath. */
48 if (!PyArg_ParseTuple(args, "s", &filepath))
/*
 * NOTE(review): O_CLOEXEC is not set. Unless the hidden lines close fd on
 * every path, a descriptor referring to the host-side file stays open across
 * exec and is inherited by whatever runs inside the container. Confirm there
 * is a close(fd) on success and failure, or add O_CLOEXEC.
 * NOTE(review): confirm fd < 0 is checked before the descriptor is used.
 * NOTE(review): filepath comes straight from the Python caller; confirm the
 * caller restricts it to the expected namespace files.
 */
51 int fd = open(filepath, O_RDONLY);
/* Status goes back as a plain int, not an exception; callers must check it. */
64 return Py_BuildValue("i", sts);
/*
 * chcontext: Python-callable function taking one string argument (a file
 * path), opening it read-only and returning an int status. The method table
 * describes it as "Switch into an lxc container."
 * Lines 77-88 of the original are not part of this excerpt, so the use of
 * the descriptor is not visible; presumably it is passed to setns() --
 * TODO confirm.
 */
68 chcontext(PyObject *self, PyObject *args)
/* "s" format: a single str argument, stored in filepath. */
73 if (!PyArg_ParseTuple(args, "s", &filepath))
/*
 * NOTE(review): opened without O_CLOEXEC. If the hidden lines do not close
 * fd on every path, the descriptor is inherited by processes exec'd after
 * the switch into the container. Confirm a close(fd) exists or add
 * O_CLOEXEC, and confirm fd < 0 is handled before use.
 */
76 int fd = open(filepath, O_RDONLY);
/*
 * Status goes back as a plain int. A caller that ignores a non-zero value
 * would carry on in the original (host) context while assuming it is
 * confined, so the result must be checked.
 */
89 return Py_BuildValue("i", sts);
/*
 * Method table for the "setns" extension module: Python-visible name, C
 * implementation, calling convention and docstring for each entry.
 * The opening brace and the terminating sentinel entry are not part of this
 * excerpt.
 * Every entry is METH_VARARGS, although only chcontext and chfscontext are
 * seen parsing an argument in the lines shown.
 */
92 static PyMethodDef SetnsMethods[] =
94 {"proc_mount", proc_mount, METH_VARARGS, "Mount a volume via the mount system call."},
95 {"proc_umount", proc_umount, METH_VARARGS, "Umount a volume via the umount system call."},
96 {"chcontext", chcontext, METH_VARARGS, "Switch into an lxc container."},
/*
 * NOTE(review): "dangerous" here means the six capabilities hard-coded in
 * drop_caps, and only the bounding set is changed; the docstring could say so.
 */
97 {"drop_caps", drop_caps, METH_VARARGS, "Drop dangerous capabilities."},
/*
 * NOTE(review): this docstring is identical to chcontext's and looks
 * copy-pasted; it should describe what chfscontext does differently.
 */
98 {"chfscontext", chfscontext, METH_VARARGS, "Switch into an lxc container."},
/*
 * Registers the extension module under the name "setns" with the method
 * table above. Py_InitModule is the Python 2 C API (Python 3 uses
 * PyModule_Create); the return value is deliberately discarded.
 * The enclosing init function is not part of this excerpt.
 */
106 (void) Py_InitModule("setns", SetnsMethods);