mount namespace

[root@dock01 C]# cat ns.c
#define _GNU_SOURCE
#include <sys/types.h>
#include <sys/wait.h>
#include <stdio.h>
#include <sched.h>
#include <signal.h>
#include <unistd.h>

/* 定义一个给 clone 用的栈，栈大小1M */
#define STACK_SIZE (1024 * 1024)
static char container_stack[STACK_SIZE];

char* const container_args[] = {
"/bin/bash",
NULL
};
int container_main(void* arg)
{
printf("Container - inside the container!\n");
sethostname("container",10); /* 设置hostname */
/*mount("none", "/tmp", "tmpfs", 0, "");*/
execv(container_args[0], container_args);
printf("Something's wrong!\n");
return 1;
}

int main()
{
printf("Parent - start a container!\n");
int container_pid = clone(container_main, container_stack+STACK_SIZE,
CLONE_NEWUTS | SIGCHLD, NULL); /*启用CLONE_NEWUTS Namespace隔离 */
waitpid(container_pid, NULL, 0);
printf("Parent - container stopped!\n");
return 0;
}

[root@dock01 C]# cat ns.c
#define _GNU_SOURCE
#include <sys/types.h>
#include <sys/wait.h>
#include <stdio.h>
#include <sched.h>
#include <signal.h>
#include <unistd.h>

/* 定义一个给 clone 用的栈，栈大小1M */
#define STACK_SIZE (1024 * 1024)
static char container_stack[STACK_SIZE];

char* const container_args[] = {
"/bin/bash",
NULL
};
int container_main(void* arg)
{
printf("Container - inside the container!\n");
sethostname("container",10); /* 设置hostname */
mount("none", "/tmp", "tmpfs", 0, "");
execv(container_args[0], container_args);
printf("Something's wrong!\n");
return 1;
}

[root@container C]# hostname
container
[root@container C]# ls -ltr /tmp
total 0
drwx------ 3 root root 17 Dec 26 22:19 systemd-private-a3db8dd5d4294e49ad66394633387995-cups.service-GPTcb7
drwx------ 3 root root 17 Dec 26 22:20 systemd-private-a3db8dd5d4294e49ad66394633387995-bolt.service-fvXxvZ

[root@dock01 C]# ./ns
Parent - start a container!
Container - inside the container!
[root@container C]# ls -ltr /tmp
total 0

猜你喜欢