psgganesh · March 20, 2023 08:01 · Mar 20, 2023 · Mar 20, 2023 · Mar 20, 2023 · Mar 20, 2023
diff --git a/00-main.go b/00-main.go
@@ -0,0 +1,28 @@
+ package main
+
+ import "os"
+ import "fmt"
+
+ // 		docker run image <cmd> <params>
+ // go run main.go run 		 <cmd> <params>
+
+ func main() {
+	switch os.Args[1] {
+	case "run":
+		run()
+
+	default:
+		panic("bad command")
+	}
+ }
+
+ func run() {
+	// Printing the param which was provided
+	fmt.Printf("Running %v\n", os.Args[2:])
+ } 
+
+ func must(err error) {
+	if err != nil {
+		panic(err)
+	}
+ }
diff --git a/01-main.go b/01-main.go
@@ -0,0 +1,38 @@
+ package main
+
+ import "os"
+ import "fmt"
+
+ import "os/exec"
+
+ // 		docker run image <cmd> <params>
+ // go run main.go run 		 <cmd> <params>
+
+ func main() {
+	switch os.Args[1] {
+	case "run":
+		run()
+
+	default:
+		panic("bad command")
+	}
+ }
+
+ func run() {
+	// Printing the param which was provided
+	fmt.Printf("Running %v\n", os.Args[2:])
+
+	// But we want to execute, hence...
+	cmd := exec.Command(os.Args[2], os.Args[3:]...)
+	cmd.Stdin = os.Stdin
+	cmd.Stdout = os.Stdout
+	cmd.Stderr = os.Stderr
+
+	cmd.Run()
+ } 
+
+ func must(err error) {
+	if err != nil {
+		panic(err)
+	}
+ }
diff --git a/02-main.go b/02-main.go
@@ -0,0 +1,43 @@
+ package main
+
+ import "os"
+ import "fmt"
+
+ import "os/exec"
+
+ // 		docker run image <cmd> <params>
+ // go run main.go run 		 <cmd> <params>
+
+ func main() {
+	switch os.Args[1] {
+	case "run":
+		run()
+
+	default:
+		panic("bad command")
+	}
+ }
+
+ func run() {
+	// Printing the param which was provided
+	fmt.Printf("Running %v\n", os.Args[2:])
+
+	// But we want to execute, hence...
+	cmd := exec.Command(os.Args[2], os.Args[3:]...)
+	cmd.Stdin = os.Stdin
+	cmd.Stdout = os.Stdout
+	cmd.Stderr = os.Stderr
+
+	// But ps is same, we want to containerize, and run /bin/bash, hence...
+	cmd.SysProcAttr = &syscall.SysProcAttr {
+		CloneFlags: syscall.CLONE_NEWUTS,
+	}
+
+	cmd.Run()
+ } 
+
+ func must(err error) {
+	if err != nil {
+		panic(err)
+	}
+ }
diff --git a/03-main.go b/03-main.go
@@ -0,0 +1,49 @@
+ package main
+
+ import "os"
+ import "fmt"
+
+ import "os/exec"
+
+ // 		docker run image <cmd> <params>
+ // go run main.go run 		 <cmd> <params>
+
+ func main() {
+	switch os.Args[1] {
+	case "run":
+		run()
+
+	default:
+		panic("bad command")
+	}
+ }
+
+ func run() {
+	// Printing the param which was provided
+	fmt.Printf("Running %v\n", os.Args[2:])
+
+	// But we want to execute, hence...
+	cmd := exec.Command(os.Args[2], os.Args[3:]...)
+	cmd.Stdin = os.Stdin
+	cmd.Stdout = os.Stdout
+	cmd.Stderr = os.Stderr
+
+	// But ps is same, we want to containerize, and run /bin/bash, hence...
+	cmd.SysProcAttr = &syscall.SysProcAttr {
+		CloneFlags: syscall.CLONE_NEWUTS,
+	}
+
+	// But hostname and paths are same, hence....
+	// CANT DO BEFORE RUN --> syscall.Sethostname([]byte("container"))
+
+	cmd.Run()
+
+	// CANT DO AFTER RUN --> syscall.Sethostname([]byte("container"))
+	// Hence, clone as another function func child...
+ } 
+
+ func must(err error) {
+	if err != nil {
+		panic(err)
+	}
+ }
diff --git a/README.md b/README.md
@@ -1,14 +1,20 @@
 
 Containers From Scratch • Liz Rice • GOTO 2018 - https://www.youtube.com/watch?v=8fi7uSYlOdc
 
-Namespaces - Is where we limit what a process can see
+> [Slides and video](https://gotoams.nl/2018/sessions/429/containers-from-scratch)
+
+Namespaces - Control what you can see
 * What you can see
-* Created with syscalls
+* Created with syscalls (the below list depends on particular version of your linux kernel)
   * Unix Timesharing system
   * Process IDs
   * Mounts
   * Network
   * User IDs
   * InterProcess Comms
 
+This is a big part of what makes a container - a Container. It's restricting the view of what the process have / has about the things that are going on in that machine. 
+
+Control Group: Control what you can use
+
 IBM - VM vs Containers - https://www.youtube.com/watch?v=cjXI-yxqGTI
diff --git a/main.go b/main.go
@@ -0,0 +1,47 @@
+package main
+
+import (
+	"os"
+	"os/exec"
+	"syscall"
+)
+
+func main() {
+	switch os.Args[1] {
+	case "run":
+		run()
+	case "child":
+		child()
+	default:
+		panic("what")
+	}
+}
+
+func run() {
+	cmd := exec.Command("/proc/self/exe", append([]string{"child"}, os.Args[2:]...)...)
+	cmd.Stdin = os.Stdin
+	cmd.Stdout = os.Stdout
+	cmd.Stderr = os.Stderr
+	cmd.SysProcAttr = &syscall.SysProcAttr{
+		Cloneflags: syscall.CLONE_NEWUTS | syscall.CLONE_NEWPID,
+	}
+
+	must(cmd.Run())
+}
+
+func child() {
+	cmd := exec.Command(os.Args[2], os.Args[3:]...)
+	cmd.Stdin = os.Stdin
+	cmd.Stdout = os.Stdout
+	cmd.Stderr = os.Stderr
+	must(syscall.Chroot("/home/rootfs"))
+	must(os.Chdir("/"))
+	must(syscall.Mount("proc", "proc", "proc", 0, ""))
+	must(cmd.Run())
+}
+
+func must(err error) {
+	if err != nil {
+		panic(err)
+	}
+}
diff --git a/README.md b/README.md
@@ -2,6 +2,13 @@
 Containers From Scratch • Liz Rice • GOTO 2018 - https://www.youtube.com/watch?v=8fi7uSYlOdc
 
 Namespaces - Is where we limit what a process can see
-
+* What you can see
+* Created with syscalls
+  * Unix Timesharing system
+  * Process IDs
+  * Mounts
+  * Network
+  * User IDs
+  * InterProcess Comms
 
 IBM - VM vs Containers - https://www.youtube.com/watch?v=cjXI-yxqGTI
diff --git a/README.md b/README.md
@@ -0,0 +1,7 @@
+
+Containers From Scratch • Liz Rice • GOTO 2018 - https://www.youtube.com/watch?v=8fi7uSYlOdc
+
+Namespaces - Is where we limit what a process can see
+
+
+IBM - VM vs Containers - https://www.youtube.com/watch?v=cjXI-yxqGTI