The registry

Each user’s settings are stored in a “registry”. This is a git repository with a set of json files which store the state of the subuser installation.

class subuserlib.classes.registry.Registry(user, gitReadHash='master', ignoreVersionLocks=False, initialized=False)[source]
cleanOutOldPermissions()[source]
commit(message=None)[source]

Git commit the changes to the registry files, installed-miages.json and subusers.json.

ensureGitRepoInitialized()[source]
getGitReadHash()[source]
getGitRepository()[source]
getLock()[source]

To be used with with.

getLogOutputVerbosity()[source]
getRepositories()[source]
getSubusers()[source]
log(message, verbosityLevel=1)[source]

If the current verbosity level is equal to or greater than verbosityLevel, print the message to the screen. If the current verbosity level is equal to or greater than verbosityLevel minus one, add the message to the log. Do not mark the registry as changed.

logChange(message, verbosityLevel=1)[source]

Add a log message to the registry’s change log, and mark the registry as changed.

logRenameCommit(message)[source]

Add a new message to the top of the log.

logToLiveLog(announcement)[source]
setChanged(changed=True)[source]
setLogOutputVerbosity(level)[source]

Repositories

This is the list of repositories from which subuser images may be installed or updated.

class subuserlib.classes.repositories.Repositories(user)[source]
addRepository(repository)[source]
getNewUniqueTempRepoId()[source]

Return a new, unique, identifier for a temporary repository. This function is useful when creating new temporary repositories.

reloadRepositoryLists()[source]

Load the repository list from disk, discarding the current in-memory version.

removeRepository(name)[source]
save()[source]

Save attributes of the repositories to disk.

Note: This is done automatically for you when you commit() the registry.

serializeRepositoriesToDict(repositories)[source]
serializeRepositoryStatesToDict()[source]
serializeToDict()[source]

Note: The save method serializes only that which needs to be saved. Not the entire repositories list. This returns a complete dictionary including system repositories and their states.

A repository is a collection of ImageSource s which are published in a git repo.

class subuserlib.classes.repository.Repository(user, name, gitOriginURI=None, gitCommitHash=None, temporary=False, sourceDir=None)[source]
describe()[source]
getDisplayName()[source]

How should we refer to this repository when communicating with the user?

getFileStructure()[source]
getGitCommitHash()[source]
getGitOriginURI()[source]
getGitRepository()[source]
getImageSourcesDir()[source]

Get the path of the repo’s subuser root on disk on the host.

getName()[source]
getRelativeImageSourcesDir()[source]

Get the path of the repo’s subuser root on disk on the host.

getRepoConfig()[source]
getRepoPath()[source]

Get the path of the repo’s sources on disk.

getSortedList()[source]

Return a list of image sources sorted by name.

getSourceDir()[source]
getURI()[source]
isInUse()[source]

Are there any installed images or subusers from this repository?

isLocal()[source]
isPresent()[source]

Returns True if the repository’s files are present on the system. (Cloned or local)

isTemporary()[source]
loadImageSources()[source]

Load ImageSources from disk into memory.

loadRepoConfig()[source]

Either returns the config as a dictionary or None if no configuration exists or can be parsed.

removeGitRepo()[source]

Remove the downloaded git repo associated with this repository from disk.

serializeToDict()[source]

Return a dictionary which describes the image sources available in this repository.

updateGitCommitHash()[source]

Update the internally stored git commit hash to the current git HEAD of the repository. Returns True if the repository has been updated. Otherwise false.

updateSources(initialUpdate=False)[source]

Pull(or clone) the repo’s ImageSources from git origin.

Images in subuser are built from ImageSource objects.

class subuserlib.classes.imageSource.ImageSource(user, repo, name, explicitConfig=None)[source]
build(parent, useCache=False)[source]
describe()[source]

Describe this ImageSource including it’s default permissions.

Prints to standard output.

getDependency()[source]

Returns the dependency of this ImageSource as a ImageSource. Or None if there is no dependency.

getDockerImageTag()[source]
getHash()[source]

Return the hash of the image directory.

getIdentifier()[source]

Return a standard human readable identifier for an ImageSource.

getImageDir()[source]
getImageFile()[source]
getImageFileContents()[source]
getImageFileType()[source]
getInstalledImages()[source]

Return the installed images which are based on this image.

getLatestInstalledImage()[source]

Get the most up-to-date InstalledImage based on this ImageSource. Returns None if no images have been installed from this ImageSource.

getName()[source]
getPermissions()[source]
getPermissionsFilePath()[source]
getRelativePermissionsFilePath()[source]
getRelativeSourceDir()[source]
getRepository()[source]

Get the repository where this ImageSource resides.

getSourceDir()[source]
getSubusers()[source]

Get a list of subusers that were built from this ImageSource.

Subusers

This is the list of subusers controlled by a given user.

class subuserlib.classes.subusers.Subusers(user)[source]

A subusers object stores the set of all subusers owned by a given user.

getSortedList()[source]

Return a list of subusers sorted by name.

save()[source]

Save the list of subusers to disk.

serializeToDict()[source]

A subuser is an entity that runs within a Docker container and has a home directory and a set of permissions that allow it to access a limited part of the host system.

exception subuserlib.classes.subuser.NoImageSourceException[source]
class subuserlib.classes.subuser.Subuser(user, name, imageId, executableShortcutInstalled, locked, serviceSubusers, imageSource=None, imageSourceName=None, repoName=None, entrypointsExposed=False)[source]
addServiceSubuser(name)[source]
areEntryPointsExposed()[source]
createPermissions(permissionsDict)[source]
describe()[source]
editPermissionsCLI()[source]
exposeEntrypoints()[source]

Create launcher executables for the subuser’s entrypoints.

getDockersideHome()[source]
getHomeDirOnHost()[source]

Returns the path to the subuser’s home dir. Unless the subuser is configured to have a stateless home, in which case returns None.

getImageId()[source]

Get the Id of the Docker image associated with this subuser. None, if the subuser has no installed image yet.

getImageSource()[source]

Note, it is posssible that the subuser’s image source no longer exists, in which case this function raises a NoImageSourceException.

getImageSourceName()[source]
getName()[source]
getPermissions()[source]
getPermissionsDir()[source]
getPermissionsDotJsonWritePath()[source]
getPermissionsTemplate()[source]
getRelativePermissionsDir()[source]

Get the permissions directory as relative to the registry’s git repository.

getRunReadyImage()[source]
getRuntime(environment, extraDockerFlags=None, entrypoint=None)[source]

Returns the subuser’s Runtime object for it’s current permissions, creating it if necessary.

getRuntimeCache()[source]
getServiceSubuserNames()[source]

Get this subuser’s service subusers.

getSourceRepoName()[source]
getX11Bridge()[source]

Return the X11 bridge object for this subuser.

installExecutableShortcut()[source]
installLaunchScript(name, script)[source]

Install a trivial executable script into the PATH which launches the subser image.

isExecutableShortcutInstalled()[source]
isImageInstalled()[source]
loadPermissions()[source]
locked()[source]

Returns True if the subuser is locked. Users lock subusers in order to prevent updates and rollbacks from effecting them.

removePermissions()[source]

Remove the user set and template permission files.

setEntrypointsExposed(exposed)[source]
setExecutableShortcutInstalled(installed)[source]
setImageId(imageId)[source]

Set the installed image associated with this subuser.

setLocked(locked)[source]

Mark the subuser as locked or unlocked.

We lock subusers to their current states to prevent updates and rollbacks from effecting them.

setupHomeDir()[source]

Sets up the subuser’s home dir, along with creating symlinks to shared user dirs.

wereEntryPointsExposedThisRun()[source]
exception subuserlib.classes.subuser.SubuserHasNoPermissionsException[source]

Both Subuser and ImageSource objects have permissions.

Each subuser has a set of permissions which specify what parts of the host system it is allowed to access.

class subuserlib.classes.permissions.Permissions(user, initialPermissions, writePath=None)[source]
applyChanges(permissionsToRemove, permissionsToAddOrChange)[source]
describe()[source]
getHash()[source]

Return the SHA512 hash of the given permissions.

getWritePath()[source]

Return the path to which the permissions object is to be saved.

save()[source]