Add python-lxns subproject and rework build options

python-lxns is a Linux namespaces library that I developed for bubblejail. This fixes `slirp4netns` and `namespaces_limits` services being only available on x86_64. The reworked build options: * `allow-site-packages-dir`: replaces the `use_python_site_packages_dir`. Set to "false" by default and prevents installation of bubblejail Python modules in to the `site-packages` directory. bubblejail should now be called with `-Dpython.platlibdir=lib/bubblejail/python-packages` and `-Dpython.purelibdir=lib/bubblejail/python-packages` to use version independent directory for Python modules. * `use-vendored-python-lxns`: install vendored python-lxns using meson's subproject. Python-lxns was also added to the git submodules. Deleted `bytecode-optimization` option. Now meson's `python.bytecompile=1` is used instead.
igo95862 · May 18, 2024 · ed75de0 · ed75de0
1 parent a866c61
commit ed75de0
Show file tree

Hide file tree

Showing 15 changed files with 48 additions and 324 deletions.
diff --git a/.gitmodules b/.gitmodules
@@ -0,0 +1,5 @@
+# SPDX-License-Identifier: GPL-3.0-or-later
+# SPDX-FileCopyrightText: 2024 igo95862
+[submodule "subprojects/python-lxns"]
+	path = subprojects/python-lxns
+	url = https://github.com/igo95862/python-lxns.git
diff --git a/meson.build b/meson.build
@@ -7,25 +7,21 @@ project('bubblejail',
 fs = import('fs')
 pymod = import('python')
 py_installation = pymod.find_installation('python3')
+python_purelib_option = get_option('python.purelibdir')
 
-bytecode_compiler = find_program(
-    'bytecode_compiler.py',
-    dirs : [ meson.project_source_root() / 'tools' ],
-)
-
-if get_option('use_python_site_packages_dir')
-    python_packages_dir = py_installation.get_path('purelib')
+if python_purelib_option == py_installation.get_path('purelib') or python_purelib_option == ''
+    if not get_option('allow-site-packages-dir')
+        error('Please configure meson with -Dpython.purelibdir=lib/bubblejail/python-packages -Dpython.platlibdir=lib/bubblejail/python-packages options.')
+    endif
+    extra_python_packages_dir = ''
 else
-    python_packages_dir = get_option('libdir') / 'bubblejail/python_packages/'
+    extra_python_packages_dir = get_option('prefix') / python_purelib_option
+    message('Using non site-packages directory', extra_python_packages_dir)
 endif
 
-meson.add_install_script(
-    bytecode_compiler,
-    '--optimize-level', get_option('bytecode-optimization').to_string(),
-    '--packages-dir', python_packages_dir,
-    install_tag : 'runtime',
-    dry_run : true,
-)
+if get_option('use-vendored-python-lxns').enabled()
+    subproject('python-lxns', default_options : {'use_limited_api': true})
+endif
 
 python_package_env = environment()
 python_package_env.set('MESON_SOURCE_ROOT', meson.project_source_root())

diff --git a/meson_options.txt b/meson_options.txt
@@ -1,7 +1,6 @@
 # SPDX-License-Identifier: GPL-3.0-or-later
 # SPDX-FileCopyrightText: 2022 igo95862
-option('use_python_site_packages_dir', type: 'boolean', value: false, description: 'Use pythons site-packages dir for bubblejail python package instead of version independent location.')
 option('version_display', type: 'string', value: '', description: 'Custom --version display.')
-option('bytecode-optimization', type : 'integer', min : 0, max : 2, value : 1)
-option('generate-namespaces-constants', type: 'boolean', value: false, description: 'Generate new namespace constants rather than using x86_64 pre-generated file. This option is under development. DO NOT USE')
 option('man', type : 'boolean', value : true, description : 'Generate and install man pages for CLI tool and services.')
+option('allow-site-packages-dir', type : 'boolean', value : false, description : 'Allow using Python\'s site-packages directory for Python modules instead of version independent location.')
+option('use-vendored-python-lxns', type : 'feature', value : 'disabled', description : 'Use meson subproject for python-lxns library.')
diff --git a/src/bubblejail/meson.build b/src/bubblejail/meson.build
@@ -16,16 +16,11 @@ source_files = [
    'exceptions.py',
    'services.py',
    'py.typed',
-   'namespaces.py',
-   'namespaces_constants.py',
 ]
 
 
-
-bubblejail_package_dir = python_packages_dir / 'bubblejail'
-
-install_data(
+py_installation.install_sources(
     source_files,
-    install_dir : bubblejail_package_dir,
+    subdir : 'bubblejail',
     install_tag : 'runtime',
 )
diff --git a/src/bubblejail/namespaces.py b/src/bubblejail/namespaces.py
diff --git a/src/bubblejail/namespaces_constants.py b/src/bubblejail/namespaces_constants.py
diff --git a/src/bubblejail/services.py b/src/bubblejail/services.py
@@ -20,7 +20,6 @@
 from multiprocessing import Process
 from os import O_CLOEXEC, O_NONBLOCK, environ, getpid, getuid, pipe2, readlink
 from pathlib import Path
-from platform import machine
 from shutil import which
 from typing import TYPE_CHECKING, TypedDict
 
@@ -871,9 +870,6 @@ def iter_bwrap_options(self) -> ServiceGeneratorType:
         self.outbound_addr = settings.outbound_addr
         self.disable_host_loopback = settings.disable_host_loopback
 
-        if machine() != 'x86_64':
-            raise NotImplementedError('Slirp4netns only available on x86_64')
-
         dns_servers = settings.dns_servers.copy()
         dns_servers.append("10.0.2.3")
 
@@ -891,10 +887,10 @@ async def post_init_hook(self, pid: int) -> None:
         outbound_addr = settings.outbound_addr
         disable_host_loopback = settings.disable_host_loopback
 
-        from bubblejail.namespaces import NetworkNamespace
+        from lxns.namespaces import NetworkNamespace
         target_namespace = NetworkNamespace.from_pid(pid)
-        parent_ns = target_namespace.get_user_ns()
-        parent_ns_fd = parent_ns._fd
+        parent_ns = target_namespace.get_user_namespace()
+        parent_ns_fd = parent_ns.fileno()
         parent_ns_path = f"/proc/{getpid()}/fd/{parent_ns_fd}"
 
         ready_pipe_read, ready_pipe_write = (
@@ -1061,23 +1057,16 @@ class Settings:
             )
         )
 
-    def iter_bwrap_options(self) -> ServiceGeneratorType:
-        if machine() != 'x86_64':
-            raise NotImplementedError(
-                'Limit namespaces only available on x86_64'
-            )
-
-        yield from ()
-
     @staticmethod
     def set_namespaces_limits(
         pid: int,
         namespace_files_to_limits: dict[str, int],
     ) -> None:
-        from bubblejail.namespaces import UserNamespace
+        from lxns.namespaces import UserNamespace
         target_namespace = UserNamespace.from_pid(pid)
-        parent_ns = target_namespace.get_user_ns()
+        parent_ns = target_namespace.get_user_namespace()
         parent_ns.setns()
+        target_namespace.setns()
 
         for proc_file, limit_to_set in namespace_files_to_limits.items():
             with open("/proc/sys/user/" + proc_file, mode="w") as f:

diff --git a/src/meson.build b/src/meson.build
@@ -1,8 +1,5 @@
 # SPDX-License-Identifier: GPL-3.0-or-later
 # SPDX-FileCopyrightText: 2022 igo95862
-if get_option('generate-namespaces-constants')
-    subdir('namespaces_constants')
-endif
 subdir('bubblejail')
 
 python_package_env.set('PYTHONPATH', meson.current_source_dir())
diff --git a/src/namespaces_constants/generate_namespaces_constants.py b/src/namespaces_constants/generate_namespaces_constants.py
diff --git a/src/namespaces_constants/meson.build b/src/namespaces_constants/meson.build
diff --git a/src/namespaces_constants/namespaces_constants_json.c b/src/namespaces_constants/namespaces_constants_json.c
diff --git a/subprojects/python-lxns b/subprojects/python-lxns