
Setup

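# clone.c is the C listing at the end of this page; if the short link no longer resolves, copy it from there
curl -sSL -o clone.c goo.gl/G45N5X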

Net Namespace

# on host
ip a

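# add CLONE_NEWNET to clone_flags in clone.c, then rebuild (run the result as root: creating a network namespace needs CAP_SYS_ADMIN)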
gcc -o net -w clone.c

./net ip a

unshare --net ip a

UTS Namespace

# no flags
gcc -o uts -w clone.c

./uts hostname

# add CLONE_NEWUTS to clone_flags
# uncomment the sethostname block in child_exec
gcc -o uts -w clone.c

./uts hostname

unshare --uts -- /bin/bash -c 'hostname thing && hostname'

IPC Namespace

# on host, create a message queue
ipcmk -Q

# no flags
gcc -o ipc -w clone.c

./ipc ipcs -q

# add CLONE_NEWIPC
gcc -o ipc -w clone.c

./ipc ipcs -q

unshare --ipc -- ipcs -q

User Namespace

# no flags
gcc -o user -w clone.c

./user ls -la

# add CLONE_NEWUSER
gcc -o user -w clone.c

./user ls -la

unshare --user -- ls -la

PID Namespace

# add CLONE_NEWPID
gcc -o pid -w clone.c

# run binary
./pid ps aux

# still shows all host processes: ps reads /proc, which is still the host's procfs
# add CLONE_NEWNS to clone_flags
# uncomment the proc mounting block in child_exec
gcc -o pid -w clone.c

# run binary
./pid ps aux
#define _GNU_SOURCE
#include <errno.h>
#include <sched.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mount.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>
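/* Size in bytes of the stack handed to the cloned child (1 MiB). */
#define STACKSIZE (1024*1024)
/*
 * Backing store for the child's stack; main() passes its upper end to clone().
 * The explicit alignment keeps that upper end 16-byte aligned no matter where
 * the linker places the array.
 *
 * NOTE(review): a static array has no guard page below it, so a child that
 * overruns this stack writes into neighbouring data instead of faulting. An
 * mmap()ed stack with a PROT_NONE page underneath would fail closed.
 */
static char child_stack[STACKSIZE] __attribute__((aligned(16)));
/* Argument bundle handed to child_exec through clone()'s void * parameter. */
struct clone_args {
	char **argv;	/* command and its arguments; main() points this at argv[1] */
};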
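/*
 * child_exec - function run in the child created by clone().
 *
 * stuff points to a struct clone_args whose argv names the program to exec
 * and its arguments. On success execvp() replaces the process image and this
 * function never returns; on any failure the child prints a message to stderr
 * and exits with a non-zero status (exit(-1) is reported to the parent as 255).
 *
 * The two commented-out sections are switched on by hand for the mount/PID
 * and UTS namespace steps of the walkthrough.
 */
static int child_exec(void *stuff)
{
	struct clone_args *args = stuff;

	/* Without a command, execvp() would be handed a NULL path. */
	if (args == NULL || args->argv == NULL || args->argv[0] == NULL) {
		fprintf(stderr, "no command given to exec\n");
		exit(-1);
	}
	/*
	// mount proc (use together with CLONE_NEWNS and CLONE_NEWPID)
	//
	// clone(CLONE_NEWNS) copies the parent's mount tree including its
	// propagation type. Where / is a shared mount (the default under
	// systemd), the umount/mount below would propagate back to the host,
	// so the tree is made private first. unshare(1) does this by default.
	if (mount(NULL, "/", NULL, MS_REC | MS_PRIVATE, NULL) != 0) {
		fprintf(stderr, "failed to make / private %s\n",
			strerror(errno));
		exit(-1);
	}
	// umount() takes only the target; umount2() is the variant with flags
	if (umount2("/proc", 0) != 0) {
		fprintf(stderr, "failed unmount /proc %s\n",
			strerror(errno));
		exit(-1);
	}
	if (mount("proc", "/proc", "proc", 0, "") != 0) {
		fprintf(stderr, "failed mount /proc %s\n",
			strerror(errno));
		exit(-1);
	}
	*/
	/*
	// sethostname (use together with CLONE_NEWUTS; without that flag this
	// renames the host itself)
	const char * new_hostname = "myhostname";
	if (sethostname(new_hostname, strlen(new_hostname)) != 0) {
		fprintf(stderr, "failed to sethostname %s\n",
			strerror(errno));
		exit(-1);
	}
	*/
	/* execvp() returns only when it failed to start the program. */
	if (execvp(args->argv[0], args->argv) != 0) {
		fprintf(stderr, "failed to execvp argments %s\n",
			strerror(errno));
		exit(-1);
	}
	// we should never reach here!
	exit(EXIT_FAILURE);
}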
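/*
 * main - run the command given on the command line in a child made by clone().
 *
 * Everything after the program name is passed to the child as its argument
 * vector. The parent waits for the child and exits with EXIT_SUCCESS once it
 * has been reaped; it exits with EXIT_FAILURE when no command was given or
 * when clone() or waitpid() fails. The child's own exit status is not
 * propagated.
 */
int main(int argc, char **argv)
{
	/* &argv[1] would be an empty vector, leaving nothing to exec. */
	if (argc < 2) {
		fprintf(stderr, "usage: %s command [args...]\n",
			argc > 0 ? argv[0] : "clone");
		exit(EXIT_FAILURE);
	}

	struct clone_args args;
	args.argv = &argv[1];

	/*
	 * SIGCHLD alone behaves like fork(): no new namespaces. The walkthrough
	 * ORs CLONE_NEWNET, CLONE_NEWUTS, CLONE_NEWIPC, CLONE_NEWUSER,
	 * CLONE_NEWPID or CLONE_NEWNS in here, one step at a time.
	 * Every one of those except CLONE_NEWUSER needs CAP_SYS_ADMIN, so those
	 * builds are run as root and the child keeps root's privileges over
	 * whatever was not unshared. With CLONE_NEWUSER and no uid_map/gid_map
	 * written, the child's ids are unmapped and appear as the overflow
	 * ("nobody") ids.
	 */
	int clone_flags = SIGCHLD;

	// the result of this call is that our child_exec will be run in another
	// process, returning its pid. The stack argument is the upper end of
	// child_stack because clone() expects the topmost address of the
	// child's stack on architectures where the stack grows downwards.
	pid_t pid =
		clone(child_exec, child_stack + STACKSIZE, clone_flags, &args);
	if (pid < 0) {
		fprintf(stderr, "clone failed WTF!!!! %s\n", strerror(errno));
		exit(EXIT_FAILURE);
	}
	// lets wait on our child process here before we, the parent, exits
	if (waitpid(pid, NULL, 0) == -1) {
		fprintf(stderr, "failed to wait pid %d\n", pid);
		exit(EXIT_FAILURE);
	}
	exit(EXIT_SUCCESS);
}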

@michrabi michrabi commented Jan 3, 2018

I get a 404 error for curl -sSL -o clone.c goo.gl/G45N5X :/
