Add NSenter tunnel that allows to enter in any linux namespace container #48
Conversation
|
Hi @lordmauve , here's a pull request about an I also have a couple of questions about chopsticks, can you tell where's the best place to ask them ? Thanks. |
|
Thanks, this is interesting. I'd like to review some documentation for There is a Gitter for general questions about Chopsticks. |
of course !
ok, see you there, then. I sent you a mail some time ago but it must have landed in /dev/null or spam :) |
I just realized that maybe I should have use Would you mind keeping this PR "on hold" until I have time to make some tests ? |
|
I don't think we should maintain ctypes bindings for nsenter within Chopsticks. If you create a library we could make Chopsticks use it if it is installed. |
|
You're right! There's already python-nsenter. But now that I'm thinking about it, I realize that there's an impact for the enduser. If we're making the system calls ourselves via So before going further I'd like to have your opinion on that topic. |
Steps to reproduce:
1) Make a tunnel then close it - this ends the IOLoop as
self.{read,write} are empty, but without calling `stop()`
2) Make another tunnel - stderr ioloop never starts running
as it's still considered running https://github.com/amigrave/chopsticks/blob/master/chopsticks/tunnel.py#L51
-> we never get the stderr
This error is hidden if the second tunnel is created before the first one is closed.
[FIX] set running=False when IOLoop stops
NSEnter: A tunnel to a process on the same host, launched with nsenter.
This is a generic tunnel for all containers using linux namespaces such as docker, systemd-nspawn, rkt, ... that can be spawned as a subprocess of any given process id. This tunnel uses sudo hence it
requires the same passworless setup than the
Sudotunnel plus thensentercommand line utility found inlinux-utilspackage.