"Pythonless" container connections #223
For chroot, LXC and Jails, and probably Docker with enough fighting, it's possible to take a Python interpreter from the host machine and hoist it inside the container. The ability to do this would avoid the need to have Python installed within the container, with a few conditions:
The approach would vary according to the container type:
Need to arrange for process capability bits to be dropped when calling setns() on a privileged container, as those containers have access to ptrace() and can hijack the interpreter to make use of the bits.
This would lay the groundwork for something else I've wanted for years: integrating seccomp.py as a connection method
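A check for the capability-dropping requirement above, as an added example that is not part of the original issue or the project's code: it decodes the five capability sets from a `/proc/<pid>/status` dump and refuses entry unless all of them are empty. The function names and both sample dumps are assumptions constructed for illustration.

```python
import re

# Bit numbers from linux/capability.h; other bits are reported as cap_<n>.
CAP_NAMES = {19: "CAP_SYS_PTRACE", 21: "CAP_SYS_ADMIN"}

# The five per-thread capability sets exposed in /proc/<pid>/status.
CAP_FIELDS = ("CapInh", "CapPrm", "CapEff", "CapBnd", "CapAmb")

# Constructed samples, not captured from a real host.
STILL_PRIVILEGED = """Name:\tpython
CapInh:\t0000000000000000
CapPrm:\t0000000000280000
CapEff:\t0000000000280000
CapBnd:\t0000003fffffffff
CapAmb:\t0000000000000000
"""
DROPPED = "Name:\tpython\n" + "".join(
    "%s:\t0000000000000000\n" % field for field in CAP_FIELDS)


def parse_cap_sets(status_text):
    """Return {field: bitmask} for each Cap* line in a status dump."""
    sets = {}
    pattern = r"^(Cap\w+):\s*([0-9a-fA-F]+)\s*$"
    for field, hexmask in re.findall(pattern, status_text, re.M):
        if field in CAP_FIELDS:
            sets[field] = int(hexmask, 16)
    return sets


def residual_caps(status_text):
    """Return {field: [capability names]} for every non-empty set."""
    leftovers = {}
    for field, mask in parse_cap_sets(status_text).items():
        names = [CAP_NAMES.get(bit, "cap_%d" % bit)
                 for bit in range(mask.bit_length()) if (mask >> bit) & 1]
        if names:
            leftovers[field] = names
    return leftovers


def safe_to_enter(status_text):
    """Fail closed: every set must be reported, and every set must be empty."""
    sets = parse_cap_sets(status_text)
    return set(sets) == set(CAP_FIELDS) and not any(sets.values())


if __name__ == "__main__":
    print(residual_caps(STILL_PRIVILEGED), safe_to_enter(DROPPED))
```

The bounding set is checked along with the effective and permitted sets because a uid-0 process that calls `execve()` has its permitted set recomputed from the bounding set unless securebits say otherwise.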