lizrice / containers-from-scratch

Writing a container in a few lines of Go code, as seen at DockerCon 2017 and on O'Reilly Safari

Home Page: http://lizrice.com

License: MIT License

Go 100.00%
golang containers go namespaces cgroups

containers-from-scratch's People

Contributors

lizrice, mlvnd, muesli

containers-from-scratch's Issues

unknown field 'Cloneflags' in struct literal of type syscall.SysProcAttr

go get github.com/lizrice/containers-from-scratch  1 ↵  978  15:29:12

github.com/lizrice/containers-from-scratch

go/src/github.com/lizrice/containers-from-scratch/main.go:33: unknown field 'Cloneflags' in struct literal of type syscall.SysProcAttr
go/src/github.com/lizrice/containers-from-scratch/main.go:49: undefined: syscall.Sethostname
go/src/github.com/lizrice/containers-from-scratch/main.go:52: undefined: syscall.Mount
go/src/github.com/lizrice/containers-from-scratch/main.go:53: undefined: syscall.Mount

Any ideas about why this code is not working in a Docker container?

Since I don't have a Linux env, I thought it would be a good idea to make this tutorial in a containerized Ubuntu env.

So after docker run -it ubuntu and installing golang,

package main

import (
	"fmt"
	"os"
	"os/exec"
	"syscall"
)

func main() {
	switch os.Args[1] {
	case "run":
		run()
	default:
		panic("Bad command")
	}
}

func run() {
	fmt.Printf("Running %v\n", os.Args[2:])

	cmd := exec.Command(os.Args[2], os.Args[3:]...)
	cmd.Stdin = os.Stdin
	cmd.Stdout = os.Stdout
	cmd.Stderr = os.Stderr
	// Start the command in a new UTS (hostname) namespace.
	cmd.SysProcAttr = &syscall.SysProcAttr{
		Cloneflags: syscall.CLONE_NEWUTS,
	}
	// The error returned by Run is not checked.
	cmd.Run()
}

I got as far as this part, but after adding

cmd.SysProcAttr = &syscall.SysProcAttr{
	Cloneflags: syscall.CLONE_NEWUTS,
}

It is no longer running the command on the argument. Any ideas?
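
One thing to check for the post above, as an added example that is not from the repository or the poster: creating a UTS namespace with CLONE_NEWUTS requires CAP_SYS_ADMIN, which a container started with a plain docker run does not hold, and the posted code discards the error from cmd.Run(). The code reads the effective capability mask (CapEff) from /proc/self/status; the function names and the sample status text are constructed for illustration.

```go
package main

import (
	"bufio"
	"fmt"
	"os"
	"strconv"
	"strings"
)

// capSysAdmin is the bit number of CAP_SYS_ADMIN in linux/capability.h.
const capSysAdmin = 21

// Constructed sample: status text as seen by a root shell in a default
// (non-privileged) Docker container.
const sampleStatus = "Name:\tbash\nCapPrm:\t00000000a80425fb\nCapEff:\t00000000a80425fb\n"

// effectiveCaps extracts the CapEff bitmask from /proc/<pid>/status text.
func effectiveCaps(status string) (uint64, error) {
	sc := bufio.NewScanner(strings.NewReader(status))
	for sc.Scan() {
		line := sc.Text()
		if strings.HasPrefix(line, "CapEff:") {
			hex := strings.TrimSpace(strings.TrimPrefix(line, "CapEff:"))
			return strconv.ParseUint(hex, 16, 64)
		}
	}
	return 0, fmt.Errorf("no CapEff line in status text")
}

// hasSysAdmin reports whether the status text shows CAP_SYS_ADMIN as effective,
// which clone flags such as CLONE_NEWUTS need outside a user namespace.
func hasSysAdmin(status string) (bool, error) {
	caps, err := effectiveCaps(status)
	if err != nil {
		return false, err
	}
	return caps&(1<<capSysAdmin) != 0, nil
}

func main() {
	status := sampleStatus
	if data, err := os.ReadFile("/proc/self/status"); err == nil {
		status = string(data) // use the live process when /proc is available
	}
	ok, err := hasSysAdmin(status)
	fmt.Printf("CAP_SYS_ADMIN effective: %v (err: %v)\n", ok, err)
}
```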

Failed to create new OS Thread

System details

$ go version
go version go1.12 linux/amd64
$ lsb_release -a
No LSB modules are available.
Distributor ID:	Ubuntu
Description:	Ubuntu 16.04.3 LTS
Release:	16.04
Codename:	xenial

Error

Getting below error on running this. Please suggest.

$ go run main.go run /bin/bash
Running [/bin/bash]
Running [/bin/bash]
runtime: failed to create new OS thread (have 5 already; errno=11)
runtime: may need to increase max user processes (ulimit -u)
fatal error: newosproc

runtime stack:
runtime.throw(0x1816686, 0x9)
	/usr/local/go/src/runtime/panic.go:605 +0x95

CLONE_NEWNS needs MS_PRIVATE on / before fork?

Hi Liz,

I've been following "Building Containers from Scratch with Go on Safari".
Thank you very much for this course, I love it!

I hope you can shine some light on an issue I'm having with "Container Process IDs and Mounts in Go". Somehow CLONE_NEWNS doesn't hide my mount-points in the container from the host, so running mount | grep something on the host still shows mount-points from the container.
After a bit of researching, I was able to hide them, but only after setting the mount option MS_PRIVATE on / before forking. I'm running Ubuntu 16.04.3 LTS with the 4.4.0-101-generic kernel by the way.

Does this sound familiar to you?

Regards, and thanks again,

Mel.
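
An added example for the issue above, not code from the repository or from the poster: it lists the mounts that /proc/self/mountinfo marks as shared (the ones whose mount events propagate between namespaces) and shows the MS_REC|MS_PRIVATE remount of / that the post describes. The function names and sample mountinfo lines are constructed, and the remount is meant to be called inside the child's new mount namespace rather than on the host before forking as in the post.

```go
package main

import (
	"bufio"
	"fmt"
	"os"
	"strings"
	"syscall"
)

// Constructed sample in /proc/self/mountinfo format (not taken from the issue).
const sampleMountinfo = `24 1 8:1 / / rw,relatime shared:1 - ext4 /dev/sda1 rw
25 24 0:5 / /proc rw,nosuid shared:12 - proc proc rw
90 24 0:40 / /mnt/private rw,relatime - tmpfs tmpfs rw
91 24 0:41 / /mnt/slave rw,relatime master:1 - tmpfs tmpfs rw`

// sharedMounts returns the mount points whose optional fields carry a
// "shared:N" tag, meaning mount events there propagate to peer namespaces.
func sharedMounts(mountinfo string) []string {
	var shared []string
	sc := bufio.NewScanner(strings.NewReader(mountinfo))
	for sc.Scan() {
		// id parent major:minor root mountpoint options [optional...] - fstype source superopts
		fields := strings.Fields(sc.Text())
		for i := 6; i < len(fields) && fields[i] != "-"; i++ {
			if strings.HasPrefix(fields[i], "shared:") {
				shared = append(shared, fields[4])
			}
		}
	}
	return shared
}

// makeRootPrivate marks / and everything below it private in the calling
// process's mount namespace. It needs CAP_SYS_ADMIN.
func makeRootPrivate() error {
	return syscall.Mount("", "/", "", syscall.MS_REC|syscall.MS_PRIVATE, "")
}

func main() {
	data, err := os.ReadFile("/proc/self/mountinfo")
	if err != nil {
		data = []byte(sampleMountinfo) // fall back to the constructed sample
	}
	fmt.Println("shared mounts:", sharedMounts(string(data)))
	// In the child started with CLONE_NEWNS, call makeRootPrivate() before
	// mounting proc so that the new mount stays out of the host's namespace.
}
```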

Can't access any external network resources

Hi,
I'm following the source code and the thing I noticed was that I wasn't able to access any external network endpoints. All commands like ping, wget etc. failed from inside the child process.
Initially I thought this is because I haven't passed the CLONE_NEWNET namespace, but I don't think that should be the case. I tried adding it anyway but it didn't help.

panic on ubuntu 16.04 ARMv8

$ go version
go version go1.6.2 linux/arm64

ubuntu@tegra-ubuntu:containers-from-scratch$ go run main.go run echo hello
Running [echo hello]
panic: fork/exec /proc/self/exe: operation not permitted

goroutine 1 [running]:
panic(0x1135c0, 0x482007c0f0)
/usr/lib/go-1.6/src/runtime/panic.go:481 +0x384
main.must(0x7fad349028, 0x482007c0f0)
/home/ubuntu/go/src/github.com/lizrice/containers-from-scratch/main.go:73 +0x5c
main.run()
/home/ubuntu/go/src/github.com/lizrice/containers-from-scratch/main.go:36 +0x4ac
main.main()
/home/ubuntu/go/src/github.com/lizrice/containers-from-scratch/main.go:17 +0x90
exit status 2
ubuntu@tegra-ubuntu:containers-from-scratch$ ps
PID TTY TIME CMD
28732 pts/2 00:00:00 bash
29668 pts/2 00:00:00 ps
ubuntu@tegra-ubuntu:containers-from-scratch$ /proc/self/exe
ubuntu@tegra-ubuntu:containers-from-scratch$ ps
PID TTY TIME CMD
28732 pts/2 00:00:00 bash
29671 pts/2 00:00:00 exe
29681 pts/2 00:00:00 ps

How does the /proc mounting work?

When you are using the following syscall:

must(syscall.Mount("proc", "proc", "proc", 0, ""))

Does that mean you are mounting the existing /proc to the new location or does that mean you are creating a new /proc?

root filesystem and chroot example not working

Hello Liz,
Fantastic session. However, when I am trying to follow the instructions for setting rootfs using chroot, I am not able to make it work.

root@simpleLinuxVM:/# go run main.go run /bin/bash
Running [/bin/bash]
Running [/bin/bash]
panic: fork/exec /bin/bash: no such file or directory

Appreciate your advice.

cgroupsv2 adjustments proposal

This proof of concept and related talks helped me get a grasp of container internals, and then be able to solve some other related issues, and in a really entertaining way too.
Really fine material, thank you :)

As of now, I'm not able to compile main.go,
the main issue being a "no such file" when talking about pids.max.
I just learned about cgroups and, if I'm not wrong, the reason is that the example was built for cgroupsv1
and the Linux distro I'm running (as the major ones are) is using cgroupsv2 by default,
so I'd like to propose the changes I made to make it work.
It didn't take much to catch up with cgroups and the differences between versions,
it was an instructive activity actually.. but for the one that is in a hurry...
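
An added example, not the change proposed in this issue (which is not shown on this page) and not the repository's code: it picks the location of pids.max depending on whether the cgroup mount is a v2 unified hierarchy, detected by a cgroup.controllers file at its root. The function names, the group name demo and the limit of 20 are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"strconv"
	"strings"
)

// pidsDir returns the directory holding pids.max for group under the cgroup mount at root, and whether root is v2.
func pidsDir(root, group string) (string, bool, error) {
	ctrl, err := os.ReadFile(filepath.Join(root, "cgroup.controllers"))
	if os.IsNotExist(err) {
		return filepath.Join(root, "pids", group), false, nil // v1: <root>/pids/<group>
	} else if err != nil {
		return "", false, err
	}
	if !strings.Contains(" "+strings.TrimSpace(string(ctrl))+" ", " pids ") {
		return "", true, fmt.Errorf("pids controller not listed in %s/cgroup.controllers", root)
	}
	return filepath.Join(root, group), true, nil
}

// limitPids creates group, caps it at max processes and moves pid into it.
func limitPids(root, group string, max, pid int) (string, error) {
	dir, v2, err := pidsDir(root, group)
	if err != nil {
		return "", err
	}
	write := func(path, val string) error { return os.WriteFile(path, []byte(val), 0644) }
	if v2 {
		// v2 children only expose pids.max once the parent delegates the controller.
		if err := write(filepath.Join(root, "cgroup.subtree_control"), "+pids"); err != nil {
			return "", err
		}
	}
	if err := os.MkdirAll(dir, 0755); err != nil {
		return "", err
	}
	if err := write(filepath.Join(dir, "pids.max"), strconv.Itoa(max)); err != nil {
		return "", err
	}
	return dir, write(filepath.Join(dir, "cgroup.procs"), strconv.Itoa(pid))
}

func main() {
	fmt.Println(limitPids("/sys/fs/cgroup", "demo", 20, os.Getpid()))
}
```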
