@snarkmaster
snarkmaster / locked_mount_via_propagation.cpp
Last active August 10, 2023 22:37
Linux demo: Creating irrevocably read-only bind mounts (`MNT_LOCK_READONLY`) via mount propagation into another user NS
/*
This shows one of two possible methods (as of Linux v6.4.9) for setting up a
MNT_LOCK_READONLY mount, which is a mount that cannot be remounted
read-write even by a fully privileged super-user. The same principle applies
to locking NODEV, NOSUID, and NOEXEC [1].
Hopefully, at some point the Linux kernel will support setting locked bits
via `mount_setattr` [2], but as of v6.4.9, this appears to be the simplest way.
This `attach_recursive_mnt`-based method works best if you can have a
@snarkmaster
snarkmaster / locked_mount_via_newns.cpp
Last active August 10, 2023 23:14
Linux demo: Creating irrevocably read-only bind mounts (`MNT_LOCK_READONLY`) via user namespace moves
/*
This shows one of two possible methods (as of Linux v6.4.9) for setting up a
MNT_LOCK_READONLY mount, which is a mount that cannot be remounted
read-write even by a fully privileged super-user. The same principle applies
to locking NODEV, NOSUID, and NOEXEC [1].
Hopefully, at some point the Linux kernel will support setting locked bits
via `mount_setattr` -- see [2].
This works as follows:
/*
This is an unfinished program that's part of a `libcap-ng` bug report.
The bug repro looks like this -- the target PID 3554846 is just a random
unprivileged process:
echo target: &&
grep ^Cap /proc/3554846/status &&
sudo capsh --drop=cap_chown -- -c '
echo under capsh: &&
'''
`deepfrozen`: Recursively immutable types that support inheritance.
- Unlike frozen `dataclass`es or `NamedTuple`s, this lets you make
types recursively immutable.
- Unlike `dataclass`, the immutability guarantee is strong: you cannot
bypass it via `setattr`.
- Unlike `NamedTuple` this supports inheritance.
- Unlike `PyRecord`, this is immutable and hashable.
@snarkmaster
snarkmaster / rpm_location_parser.py
Created September 13, 2018 18:28
Parsing RPM location href from the repo's primary XML
class _RpmLocationParser(AbstractContextManager):
    '''
    Parses through -primary.xml.gz and extracts `href` from each `location`.
    NB: This XML parsing takes ~4 seconds, while it takes ~1.5 seconds to
    unpack -primary.sqlite.bz2 and `SELECT location_href FROM packages`.
    '''
    def __init__(self):
        self.decompressor = zlib.decompressobj(wbits=zlib.MAX_WBITS + 16)
        self.xml_parser = XMLPullParser(['start'])
response = query_bistro(args, {
    'h': {'handler': 'histogram'},
    'j': {'handler': 'jobs'},
})
jobs = response['j']['data']
histograms = response['h']['data']['histograms']
for job_id, job in jobs.iteritems():
    print('Number of done or failed tasks for', job_id, '-', sum(
        count for enc_bits, count in histograms[job_id][
From afb9cfba2854c48e1995e1c4940d679469febd94 Mon Sep 17 00:00:00 2001
From: Alexey Spiridonov <[email protected]>
Date: Sun, 5 Aug 2018 15:36:06 -0700
Subject: [PATCH] Switch to a more complex plugin invocation API
---
mypy/plugin.py | 11 ++++++-----
mypy/semanal.py | 7 ++++++-
2 files changed, 12 insertions(+), 6 deletions(-)
(mypy) lesha@ubuntu:~/github/snarkmaster/mypy$ ./runtests.py
PARALLEL 1
SUMMARY 127 tasks selected
============================= test session starts ==============================
platform linux -- Python 3.6.4, pytest-3.4.0, py-1.5.2, pluggy-0.6.0
rootdir: /home/lesha/github/snarkmaster/mypy, inifile: pytest.ini
plugins: xdist-1.22.0, forked-0.2, cov-2.5.1
gw0 [5691]
scheduling tests via LoadScheduling
..............................s......................................... [ 1%]