lizrice / containers-from-scratch
Writing a container in a few lines of Go code, as seen at DockerCon 2017 and on O'Reilly Safari
Home Page: http://lizrice.com
License: MIT License
```
go get github.com/lizrice/containers-from-scratch 1 ↵ 978 15:29:12
go/src/github.com/lizrice/containers-from-scratch/main.go:33: unknown field 'Cloneflags' in struct literal of type syscall.SysProcAttr
go/src/github.com/lizrice/containers-from-scratch/main.go:49: undefined: syscall.Sethostname
go/src/github.com/lizrice/containers-from-scratch/main.go:52: undefined: syscall.Mount
go/src/github.com/lizrice/containers-from-scratch/main.go:53: undefined: syscall.Mount
```
Since I don't have a Linux env, I thought it would be a good idea to make this tutorial in a containerized Ubuntu env.
So after `docker run -it ubuntu` and installing golang,
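```go
package main

import (
	"fmt"
	"os"
	"os/exec"
	"syscall"
)

func main() {
	switch os.Args[1] {
	case "run":
		run()
	default:
		panic("Bad command")
	}
}

// run executes the command given after "run", wired to the caller's stdio.
func run() {
	fmt.Printf("Running %v\n", os.Args[2:])
	cmd := exec.Command(os.Args[2], os.Args[3:]...)
	cmd.Stdin = os.Stdin
	cmd.Stdout = os.Stdout
	cmd.Stderr = os.Stderr
	// Ask for the child to be started in a new UTS (hostname) namespace.
	cmd.SysProcAttr = &syscall.SysProcAttr{
		Cloneflags: syscall.CLONE_NEWUTS,
	}
	// The error returned by Run is not checked here.
	cmd.Run()
}
```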
I came until this part, but after adding
```go
cmd.SysProcAttr = &syscall.SysProcAttr{
	Cloneflags: syscall.CLONE_NEWUTS,
}
```
It is no longer running the command on the argument. Any ideas?
```
$ go version
go version go1.12 linux/amd64
$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 16.04.3 LTS
Release: 16.04
Codename: xenial
```
Getting below error on running this. Please suggest.
```
$ go run main.go run /bin/bash
Running [/bin/bash]
Running [/bin/bash]
runtime: failed to create new OS thread (have 5 already; errno=11)
runtime: may need to increase max user processes (ulimit -u)
fatal error: newosproc
runtime stack:
runtime.throw(0x1816686, 0x9)
/usr/local/go/src/runtime/panic.go:605 +0x95
```
Hi Liz,
I've been following "Building Containers from Scratch with Go on Safari".
Thank you very much for this course, I love it!
I hope you can shine some light on an issue I'm having with "Container Process IDs and Mounts in Go". Somehow `CLONE_NEWNS` doesn't hide my mount-points in the container from the host, so running `mount | grep something` on the host still shows mount-points from the container.
After a bit of researching, I was able to hide them, but only after setting the mount option `MS_PRIVATE` on `/` before forking. I'm running Ubuntu 16.04.3 LTS with the 4.4.0-101-generic kernel by the way.
Does this sound familiar to you?
Regards, and thanks again,
Mel.
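Added example, not part of the post above or of the project's code: a Go check for the mount propagation the post describes. It parses text in `/proc/self/mountinfo` format (the sample is constructed) and lists the mounts tagged `shared:N`; the helper name `sharedMounts` is an assumption of this example.

```go
package main

import (
	"bufio"
	"fmt"
	"strings"
)

// Constructed sample in /proc/self/mountinfo format (not taken from the page).
const sampleMountinfo = `22 1 8:1 / / rw,relatime shared:1 - ext4 /dev/sda1 rw
23 22 0:4 / /proc rw,nosuid,nodev,noexec shared:12 - proc proc rw
40 22 0:35 / /mnt/private rw,relatime - tmpfs tmpfs rw
41 22 0:36 / /mnt/slave rw,relatime master:1 - tmpfs tmpfs rw
`

// sharedMounts (hypothetical helper) lists mount points tagged "shared:N".
// Fields 0-5 are fixed; optional fields run from index 6 to the "-" separator.
func sharedMounts(mountinfo string) ([]string, error) {
	var shared []string
	sc := bufio.NewScanner(strings.NewReader(mountinfo))
	for sc.Scan() {
		fields := strings.Fields(sc.Text())
		if len(fields) == 0 {
			continue
		}
		sep := -1
		for i := 6; i < len(fields); i++ {
			if fields[i] == "-" {
				sep = i
				break
			}
		}
		if sep < 0 {
			return nil, fmt.Errorf("malformed mountinfo line: %q", sc.Text())
		}
		for _, opt := range fields[6:sep] {
			if strings.HasPrefix(opt, "shared:") {
				shared = append(shared, fields[4]) // field 4 is the mount point
				break
			}
		}
	}
	return shared, sc.Err()
}

func main() {
	mounts, err := sharedMounts(sampleMountinfo)
	fmt.Println("mounts with shared propagation:", mounts, "err:", err)
}
```

When `/` appears in the result, a mount made after `CLONE_NEWNS` is still propagated to the host's peer group, which is the behaviour the post reports; making `/` private (recursively, `MS_REC|MS_PRIVATE`) breaks that link.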
Hi,
I'm following the source code and the thing I noticed was, I wasn't able to access any external network endpoints. All commands like `ping`, `wget` etc. failed from inside the child process.
Initially I thought this is because I haven't passed the `CLONE_NEWNET` namespace, but I don't think that should be the case. I tried adding it anyway but it didn't help.
```
$ go version
go version go1.6.2 linux/arm64
ubuntu@tegra-ubuntu:containers-from-scratch$ go run main.go run echo hello
Running [echo hello]
panic: fork/exec /proc/self/exe: operation not permitted
goroutine 1 [running]:
panic(0x1135c0, 0x482007c0f0)
/usr/lib/go-1.6/src/runtime/panic.go:481 +0x384
main.must(0x7fad349028, 0x482007c0f0)
/home/ubuntu/go/src/github.com/lizrice/containers-from-scratch/main.go:73 +0x5c
main.run()
/home/ubuntu/go/src/github.com/lizrice/containers-from-scratch/main.go:36 +0x4ac
main.main()
/home/ubuntu/go/src/github.com/lizrice/containers-from-scratch/main.go:17 +0x90
exit status 2
ubuntu@tegra-ubuntu:containers-from-scratch$ ps
PID TTY TIME CMD
28732 pts/2 00:00:00 bash
29668 pts/2 00:00:00 ps
ubuntu@tegra-ubuntu:containers-from-scratch$ /proc/self/exe
ubuntu@tegra-ubuntu:containers-from-scratch$ ps
PID TTY TIME CMD
28732 pts/2 00:00:00 bash
29671 pts/2 00:00:00 exe
29681 pts/2 00:00:00 ps
```
I'm getting the above error although I can verify that `rootfs` exists in the provided path
```
# ls /rootfs/
bin dev etc home lib media mnt opt proc root run sbin srv sys tmp usr var
```
When you are using the following syscall:
```go
must(syscall.Mount("proc", "proc", "proc", 0, ""))
```
Does that mean you are mounting the existing /proc to the new location or does that mean you are creating a new /proc?
Hello Liz,
Fantastic session. However, when I am trying to follow the instructions for setting rootfs using chroot, I am not able to make it work
```
root@simpleLinuxVM:/# go run main.go run /bin/bash
Running [/bin/bash]
Running [/bin/bash]
panic: fork/exec /bin/bash: no such file or directory
```
Appreciate your advice.
This proof of concept and related talks helped me get a grasp of container internals, to then be able to solve some other related issues.. and in a really entertaining way also.
Really fine material, thank you :)
As for now, I'm not able to compile main.go,
the main issue being a "no such file" when talking about `pids.max`.
Just learned about cgroups and if I'm not wrong the reason is that the example was built for cgroupsv1
and the Linux distro I'm running (as the major ones are) is using cgroupsv2 by default,
so I'd like to propose the changes I made to make it work.
It didn't take much to catch up with cgroups and the differences between versions,
it was an instructive activity actually.. but for the one that is in a hurry...
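Added example, not the change proposed in the post above and not the project's code: one way to locate `pids.max` on either cgroup version in Go. The helper names, the cgroup name `demo` and the limit `20` are assumptions of this example.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"strconv"
)

// pidsMaxPath (hypothetical helper) returns the pids.max path for cgroup name
// under root (normally /sys/fs/cgroup). A cgroup.controllers file at the root
// marks the unified v2 hierarchy; v1 mounts a separate "pids" controller dir.
func pidsMaxPath(root, name string) (string, error) {
	if _, err := os.Stat(filepath.Join(root, "cgroup.controllers")); err == nil {
		return filepath.Join(root, name, "pids.max"), nil
	}
	if fi, err := os.Stat(filepath.Join(root, "pids")); err == nil && fi.IsDir() {
		return filepath.Join(root, "pids", name, "pids.max"), nil
	}
	return "", fmt.Errorf("no pids controller found under %s", root)
}

// limitPids creates the cgroup directory and writes the process limit.
// Assumption: on v2 the pids controller is enabled in root's
// cgroup.subtree_control, otherwise the kernel does not expose pids.max.
func limitPids(root, name string, max int) (string, error) {
	p, err := pidsMaxPath(root, name)
	if err != nil {
		return "", err
	}
	if err := os.MkdirAll(filepath.Dir(p), 0o755); err != nil {
		return "", err
	}
	return p, os.WriteFile(p, []byte(strconv.Itoa(max)), 0o644)
}

func main() {
	// "demo" and 20 are placeholder values; writing here needs root.
	p, err := limitPids("/sys/fs/cgroup", "demo", 20)
	fmt.Println(p, err)
}
```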