Furnace
=======
A lightweight pure-python container implementation.
.. |build_status| image:: https://github.com/balabit/furnace/workflows/build/badge.svg
.. |python_support| image:: python-support.svg
|build_status| |python_support|
It is a wrapper around the Linux namespace functionality through libc
functions like ``unshare()``, ``nsenter()`` and ``mount()``. You can
think of it as a sturdier chroot replacement, where cleanup is easy (no
lingering processes or leaked mountpoints). It needs superuser
privileges to run.
Usage
-----
Installation
~~~~~~~~~~~~
You can either install it with pip:
::
pip3 install furnace
Or if you want, the following commands will install the bleeding-edge
version of furnace to your system.
::
git clone https://github.com/balabit/furnace.git
cd furnace
python3 setup.py install
This will of course install it into a virtualenv, if you activate it
beforehand.
Dependencies
~~~~~~~~~~~~
The only dependencies are:
- Python3.6+
- Linux kernel 2.6.24+
- A libc that implements setns() and nsenter() (that’s basically any
libc released after 2007)
Example
~~~~~~~
After installing, the main interface to use is the ``ContainerContext``
class. It is, as the name suggests, a context manager, and after
entering, its ``run()`` and ``Popen()`` methods can be used exactly like
``subprocess``\ ’s similarly named methods:
.. code:: python
from furnace.context import ContainerContext
with ContainerContext('/opt/ChrootMcChrootface') as container:
container.run(['ps', 'aux'])
The above example will run ``ps`` in the new namespace. It should show
two processes, furnace’s PID1, and the ``ps`` process itself. After
leaving the context, furnace will kill all processes started inside, and
destroy the namespaces created, including any mountpoints that were
mounted inside (e.g. with ``container.run(['mount', '...'])``).
Of course, all other arguments of ``run()`` and ``Popen()`` are
supported:
.. code:: python
import sys
import subprocess
from furnace.context import ContainerContext
with ContainerContext('/opt/ChrootMcChrootface') as container:
ls_result = container.run(['ls', '/bin'], env={'LISTFLAGS': '-la'}, stdout=subprocess.PIPE, check=True)
print('Files:')
print(ls_result.stdout.decode('utf-8'))
file_outside_container = open('the_magic_of_file_descriptors.gz', 'wb')
process_1 = container.Popen(['cat', '/etc/passwd'], stdout=subprocess.PIPE)
process_2 = container.Popen(['gzip'], stdin=process_1.stdout, stdout=file_outside_container)
process_2.communicate()
process_1.wait()
As you can see, the processes started can inherit file descriptors from
each other, or outside the container, and can also be managed from the
python code outside the container, if you wish.
As a convenience feature, the context has an ``interactive_shell()``
method that takes you into bash shell inside the container. This is
mostly useful for debugging:
.. code:: python
import traceback
from furnace.context import ContainerContext
with ContainerContext('/opt/ChrootMcChrootface') as container:
try:
container.run(['systemctl', '--enable', 'nginx.service'])
except Exception as e:
print("OOOPS, an exception occured:")
traceback.print_exc(file=sys.stdout)
print("Entering debug shell")
container.interactive_shell()
raise
Development
-----------
Contributing
~~~~~~~~~~~~
We appreciate any feedback, so if you have problems, or even
suggestions, don’t hesitate to open an issue. Of course, Pull Requests
are extra-welcome, as long as tests pass, and the code is not much worse
than all other existing code :)
Setting up a development environment
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
To set up a virtualenv with all the necessary tools for development,
install the GNU make tool and the python3-venv package (it is supposed to be
part of the standard python3 library, but on Ubuntu systems is an invidual
package).
Then simply run:
::
make dev
This will create a virtualenv in a directory named .venv. This
virtualenv is used it for all other make targets, like ``check``
Running tests
~~~~~~~~~~~~~
During and after development, you usually want to run both coding style
checks, and integration tests. Make sure if the 'loop' kernel module has been
loaded before you run the integration tests.
::
make lint
make check
Please make sure at least these pass before submitting a PR.
License
-------
This project is licensed under the GNU LGPLv2.1 License - see the
`LICENSE.txt`_ for details
.. _LICENSE.txt: LICENSE.txt
Raw data
{
"_id": null,
"home_page": "https://github.com/balabit/furnace",
"name": "furnace",
"maintainer": "",
"docs_url": null,
"requires_python": ">=3.6",
"maintainer_email": "",
"keywords": "containers containerization",
"author": "",
"author_email": "",
"download_url": "https://files.pythonhosted.org/packages/92/5a/032a49eff49cd4966353175e95e5f94456cc2ba12a3aa5e43eca74e434c7/furnace-0.0.9.tar.gz",
"platform": null,
"description": "Furnace\n=======\n\nA lightweight pure-python container implementation.\n\n.. |build_status| image:: https://github.com/balabit/furnace/workflows/build/badge.svg\n.. |python_support| image:: python-support.svg\n\n|build_status| |python_support|\n\nIt is a wrapper around the Linux namespace functionality through libc\nfunctions like ``unshare()``, ``nsenter()`` and ``mount()``. You can\nthink of it as a sturdier chroot replacement, where cleanup is easy (no\nlingering processes or leaked mountpoints). It needs superuser\nprivileges to run.\n\nUsage\n-----\n\nInstallation\n~~~~~~~~~~~~\n\nYou can either install it with pip:\n\n::\n\n pip3 install furnace\n\nOr if you want, the following commands will install the bleeding-edge\nversion of furnace to your system.\n\n::\n\n git clone https://github.com/balabit/furnace.git\n cd furnace\n python3 setup.py install\n\nThis will of course install it into a virtualenv, if you activate it\nbeforehand.\n\nDependencies\n~~~~~~~~~~~~\n\nThe only dependencies are:\n\n- Python3.6+\n- Linux kernel 2.6.24+\n- A libc that implements setns() and nsenter() (that\u2019s basically any\n libc released after 2007)\n\nExample\n~~~~~~~\n\nAfter installing, the main interface to use is the ``ContainerContext``\nclass. It is, as the name suggests, a context manager, and after\nentering, its ``run()`` and ``Popen()`` methods can be used exactly like\n``subprocess``\\ \u2019s similarly named methods:\n\n.. code:: python\n\n from furnace.context import ContainerContext\n\n with ContainerContext('/opt/ChrootMcChrootface') as container:\n container.run(['ps', 'aux'])\n\nThe above example will run ``ps`` in the new namespace. It should show\ntwo processes, furnace\u2019s PID1, and the ``ps`` process itself. After\nleaving the context, furnace will kill all processes started inside, and\ndestroy the namespaces created, including any mountpoints that were\nmounted inside (e.g. with ``container.run(['mount', '...'])``).\n\nOf course, all other arguments of ``run()`` and ``Popen()`` are\nsupported:\n\n.. code:: python\n\n import sys\n import subprocess\n from furnace.context import ContainerContext\n\n with ContainerContext('/opt/ChrootMcChrootface') as container:\n ls_result = container.run(['ls', '/bin'], env={'LISTFLAGS': '-la'}, stdout=subprocess.PIPE, check=True)\n print('Files:')\n print(ls_result.stdout.decode('utf-8'))\n\n file_outside_container = open('the_magic_of_file_descriptors.gz', 'wb')\n process_1 = container.Popen(['cat', '/etc/passwd'], stdout=subprocess.PIPE)\n process_2 = container.Popen(['gzip'], stdin=process_1.stdout, stdout=file_outside_container)\n process_2.communicate()\n process_1.wait()\n\nAs you can see, the processes started can inherit file descriptors from\neach other, or outside the container, and can also be managed from the\npython code outside the container, if you wish.\n\nAs a convenience feature, the context has an ``interactive_shell()``\nmethod that takes you into bash shell inside the container. This is\nmostly useful for debugging:\n\n.. code:: python\n\n import traceback\n from furnace.context import ContainerContext\n\n with ContainerContext('/opt/ChrootMcChrootface') as container:\n try:\n container.run(['systemctl', '--enable', 'nginx.service'])\n except Exception as e:\n print(\"OOOPS, an exception occured:\")\n traceback.print_exc(file=sys.stdout)\n print(\"Entering debug shell\")\n container.interactive_shell()\n raise\n\nDevelopment\n-----------\n\nContributing\n~~~~~~~~~~~~\n\nWe appreciate any feedback, so if you have problems, or even\nsuggestions, don\u2019t hesitate to open an issue. Of course, Pull Requests\nare extra-welcome, as long as tests pass, and the code is not much worse\nthan all other existing code :)\n\nSetting up a development environment\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nTo set up a virtualenv with all the necessary tools for development,\ninstall the GNU make tool and the python3-venv package (it is supposed to be\npart of the standard python3 library, but on Ubuntu systems is an invidual\npackage).\nThen simply run:\n\n::\n\n make dev\n\nThis will create a virtualenv in a directory named .venv. This\nvirtualenv is used it for all other make targets, like ``check``\n\nRunning tests\n~~~~~~~~~~~~~\n\nDuring and after development, you usually want to run both coding style\nchecks, and integration tests. Make sure if the 'loop' kernel module has been\nloaded before you run the integration tests.\n\n::\n\n make lint\n make check\n\nPlease make sure at least these pass before submitting a PR.\n\nLicense\n-------\n\nThis project is licensed under the GNU LGPLv2.1 License - see the\n`LICENSE.txt`_ for details\n\n.. _LICENSE.txt: LICENSE.txt\n\n\n",
"bugtrack_url": null,
"license": "",
"summary": "A lightweight pure-python container implementation",
"version": "0.0.9",
"split_keywords": [
"containers",
"containerization"
],
"urls": [
{
"comment_text": "",
"digests": {
"md5": "c8e5d0ad693538a059d9b4ac8a5a0819",
"sha256": "23bec94f81fd64d3e8340cc768d5fe285730ea0e42e1ca097eb861b018a2fd68"
},
"downloads": -1,
"filename": "furnace-0.0.9-py3-none-any.whl",
"has_sig": false,
"md5_digest": "c8e5d0ad693538a059d9b4ac8a5a0819",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": ">=3.6",
"size": 23781,
"upload_time": "2022-12-14T17:34:51",
"upload_time_iso_8601": "2022-12-14T17:34:51.487708Z",
"url": "https://files.pythonhosted.org/packages/18/c6/722e8fe25202ad16df08337154eca3b69c8a132613bddf0e6d3b347e8cfc/furnace-0.0.9-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": "",
"digests": {
"md5": "9afadcb0957020376402606402fedabe",
"sha256": "6adebc41e10bfdf88b04658e53be863f9ad57743699833aacdc1bbcb93a0643b"
},
"downloads": -1,
"filename": "furnace-0.0.9.tar.gz",
"has_sig": false,
"md5_digest": "9afadcb0957020376402606402fedabe",
"packagetype": "sdist",
"python_version": "source",
"requires_python": ">=3.6",
"size": 22455,
"upload_time": "2022-12-14T17:34:52",
"upload_time_iso_8601": "2022-12-14T17:34:52.794744Z",
"url": "https://files.pythonhosted.org/packages/92/5a/032a49eff49cd4966353175e95e5f94456cc2ba12a3aa5e43eca74e434c7/furnace-0.0.9.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2022-12-14 17:34:52",
"github": true,
"gitlab": false,
"bitbucket": false,
"github_user": "balabit",
"github_project": "furnace",
"travis_ci": false,
"coveralls": false,
"github_actions": true,
"lcname": "furnace"
}
JSON
