[lxc-users] applying a patch in an unprivileged lxc container with python

Benoit Barthelet benoit.barthelet at gmail.com
Fri Mar 17 18:19:25 UTC 2017 

I managed to do it, but I find the whole process ugly, so I wondered if
there might be something I'm missing or if I'm trying to reinvent the
wheel...

I see lxd has some built-in file transfer, unfortunately lxd still isn't
available on debian :)

So I managed the file transfer this way:

cat settings.patch | lxc-attach - n lxcws -- sudo -u guest sh -c 'exec cat
> /home/guest/settings.patch'

which translates in python to:

def run_command(container, command, env={}, uid=None, gid=None, **kwargs):
    env['LANG'] = "C.UTF-8"
    env['TERM'] = "xterm"
    env = ["%s=%s" % (key, value) for key, value in env.items()]
    if uid is not None and gid is not None:
        return container.attach_wait(
            lxc.attach_run_command, command,
            extra_env_vars=env, env_policy=lxc.LXC_ATTACH_CLEAR_ENV,
uid=uid, gid=gid, **kwargs)
    else:
        return container.attach_wait(
            lxc.attach_run_command, command,
            extra_env_vars=env, env_policy=lxc.LXC_ATTACH_CLEAR_ENV,
**kwargs)

def transfer_file(container, hostfile, destfile, uid=None, gid=None,
**kwargs):
    catfile = subprocess.Popen(['cat', hostfile], stdout=subprocess.PIPE)
    exec_command = 'exec cat > ' + destfile
    return run_command(container, ['sh', '-c', exec_command], uid=uid,
gid=gid, stdin=catfile.stdout, **kwargs)

patchfile = '/home/host/PycharmProjects/lxcws/settings.patch'
transfer_file(container, patchfile, '/home/guest/settings.patch', uid=1000,
gid=1000)

The patching now:

lxc-attach -n lxcws -- sudo -u guest sh -c 'patch -p1 -b <
/home/toto/settings.patch'

the below "python translation" works, but I wondered if there was a nicest
way to implement it, using stdout in the attach_wait kwargs, but I couldn't
wrap my head around it.

patch_command = 'patch -p1 -b < /home/guest/settings.patch'
run_command(container, ['sh', '-c', patch_command], uid=1000, gid=1000,
initial_cwd='/home/guest')

In fact the whole use of "sh -c" in both commands is bizarre to me, would
there be something more elegant ?



--
benoit barthelet
http://pgp.mit.edu/pks/lookup?op=get&search=0xF150E01A72F6D2EE
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxcontainers.org/pipermail/lxc-users/attachments/20170317/028db178/attachment.html>

More information about the lxc-users mailing list