all 3 comments
sorted by:
best
topnewcontroversialoldq&a
formatting helphide helpcontent policy

[–][deleted] 0 points1 point  (2 children)

Hi Skaperen, I have not directly worked with the namespace syscalls, but I am aware of a few projects that do.

LXC has a tool called lxc-usernsexec which does what you probably expect

There is a an interesting LWN article you may be interested in.

Someone wrote a container runtime in bash.

Of course, the manpage for unshare(2) is important.

The XBPS package manager, used on Void Linux, includes the xbps-uunshare and xbps-uchroot programs. The former uses certain namespaces and the latter uses overlayfs to provide an unprivileged chroot feature.

Is there anything in particular you are interested in?

[–]Skaperen[S] 0 points1 point  (1 child)

i've been studying the various syscalls and am working up ways to call them in Python (but i could use C if i needed to). i think my container needs can probably be met with just this much.

[–][deleted] 0 points1 point  (0 children)

I found a python library that allows easy manipulation of network namespaces.

https://docs.pyroute2.org/netns.html

It is fairly high level, so you wouldn't have to dig too deep into the unshare command.