containers-from-scratch | Writing a container in a few lines of Go code, as seen at DockerCon 2017 and on O'Reilly Safari | Continuous Deployment library
kandi X-RAY | containers-from-scratch Summary
kandi X-RAY | containers-from-scratch Summary
Writing a container in a few lines of Go code, as seen at DockerCon 2017 and on O'Reilly Safari
Support
Quality
Security
License
Reuse
Top functions reviewed by kandi - BETA
Currently covering the most popular Java, JavaScript and Python libraries. See a Sample of containers-from-scratch
containers-from-scratch Key Features
containers-from-scratch Examples and Code Snippets
Community Discussions
Trending Discussions on containers-from-scratch
QUESTION
I'm running the golang code on this repo https://github.com/lizrice/containers-from-scratch/blob/master/main.go and I'm having a problem with the mount namespace. What the code should do is creating a process within its own mount namespace. So if I run the code with sudo go run main.go run /bin/bash
and I create a file inside the directory mytemp
, I should be able to see that file from within the new started process, but if I try to view that file moving to the rootfs directory on the host, I shouldn't be able to see that file thanks to the mount namespace.
Unfortunately I still see this file, so it seems that the process I run is not mount namespaced.
To run the code, I used this https://github.com/ericchiang/containers-from-scratch/releases/download/v0.1.0/rootfs.tar.gz as a rootfs and moved it under /home/me
. Then I created a mytemp
directory to use as the tmpfs mount target.
Do you have any ideas about the reasons why the process doesn't get mount namespaced?
Thanks!
...ANSWER
Answered 2017-Aug-05 at 17:02This issue could be solved by configuring the host machine mount to be private which does not receive or forward any propagation events to other mounts, vide RedHat - Sharing Mounts.
This command should be executed on your host machine before your create the container:
Community Discussions, Code Snippets contain sources that include Stack Exchange Network
Vulnerabilities
No vulnerabilities reported
Install containers-from-scratch
Support
Reuse Trending Solutions
Find, review, and download reusable Libraries, Code Snippets, Cloud APIs from over 650 million Knowledge Items
Find more librariesStay Updated
Subscribe to our newsletter for trending solutions and developer bootcamps
Share this Page