Simple demonstration codebase for how containers work
Type Name Latest commit message Commit time
demo Added capabilities demo Mar 10, 2018
runtime More stern warnings Feb 12, 2018
testcontainer Working mount namespaces... Feb 10, 2018
.gitignore Easier compilation, better readme Feb 11, 2018
CMakeLists.txt Easier compilation, better readme Feb 11, 2018
README.md More stern warnings Feb 12, 2018
demo_container_runtime.cbp Added capabilities demo Mar 10, 2018
screenshot.png Added screenshot Feb 12, 2018

README.md

Abstract

This is a demo container runtime to showcase how various Linux features, like namespaces, are used to create containers.

Warning #1

THIS CODE IS INTENDED FOR DEMONSTRATION PURPOSES ONLY AND IS NOT SUITABLE FOR A PRODUCTION ENVIRONMENT!

Warning #2

YOU SHOULD PROBABLY NOT RUN THIS ON YOUR LAPTOP! Parts of this codebase mess with mount points, etc., and could destroy your files. Or eat your cat. And maybe burn down your house. You have been warned.

Compiling

If you want to compile this demo, you need at least cmake 3.5 and the libseccomp header files. Compilation can be done with cmake:

cmake .
make

This will generate a number of binaries:

  • demo/namespaces/mount/demo_namespaces_mount
  • demo/namespaces/net/demo_namespaces_net
  • demo/namespaces/pid/demo_namespaces_pid
  • demo/namespaces/uts/demo_namespaces_uts
  • demo/seccomp/demo_seccomp
  • runtime/demo_runtime

Each of these is documented in the readme of its respective folder.

Further reading

The operational theory of this runtime is explained in detail on my blog.