Skip to content

Instantly share code, notes, and snippets.

@jessfraz

jessfraz/cheatsheet.md

Last active December 21, 2018 00:13
Show Gist options
  • Star 8 You must be signed in to star a gist
  • Fork 3 You must be signed in to fork a gist
  • Save jessfraz/c771c63c376236bd419c to your computer and use it in GitHub Desktop.
Save jessfraz/c771c63c376236bd419c to your computer and use it in GitHub Desktop.
Download ZIP
Raw
cheatsheet.md

Setup

curl -sSL -o clone.c goo.gl/G45N5X

Net Namespace

# on host
ip a

# add CLONE_NEWNET
gcc -o net -w clone.c

./net ip a

unshare --net ip a

UTS Namespace

# no flags
gcc -o uts -w clone.c

./uts hostname

# add CLONE_NEWUTS
# uncomment hostname code
gcc -o uts -w clone.c

./uts hostname

unshare --uts -- /bin/bash -c 'hostname thing && hostname'

IPC Namespace

# host, create a message
ipcmk -Q

# no flags
gcc -o ipc -w clone.c

./ipc ipcs -q

# add CLONE_NEWIPC
gcc -o ipc -w clone.c

./ipc ipcs -q

unshare --ipc -- ipcs -q

User Namespace

# no flags
gcc -o user -w clone.c

./user ls -la

# add CLONE_NEWUSER
gcc -o user -w clone.c

./user ls -la

unshare --user -- ls -la

PID Namespace

# add CLONE_NEWPID
gcc -o pid -w clone.c

# run binary
./pid ps aux

# shows all processes
# add CLONE_NEWNS
# uncomment mounting of proc
gcc -o pid -w clone.c

# run binary
./pid ps aux
Raw
clone.c
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <sched.h>
#include <sys/wait.h>
#include <errno.h>
#define STACKSIZE (1024*1024)
static char child_stack[STACKSIZE];
struct clone_args {
char **argv;
};
// child_exec is the func that will be executed as the result of clone
static int child_exec(void *stuff)
{
struct clone_args *args = (struct clone_args *)stuff;
/*
// mount proc
if (umount("/proc", 0) != 0) {
fprintf(stderr, "failed unmount /proc %s\n",
strerror(errno));
exit(-1);
}
if (mount("proc", "/proc", "proc", 0, "") != 0) {
fprintf(stderr, "failed mount /proc %s\n",
strerror(errno));
exit(-1);
}
*/
/*
// sethostname
const char * new_hostname = "myhostname";
if (sethostname(new_hostname, strlen(new_hostname)) != 0) {
fprintf(stderr, "failed to execvp argments %s\n",
strerror(errno));
exit(-1);
}
*/
if (execvp(args->argv[0], args->argv) != 0) {
fprintf(stderr, "failed to execvp argments %s\n",
strerror(errno));
exit(-1);
}
// we should never reach here!
exit(EXIT_FAILURE);
}
int main(int argc, char **argv)
{
struct clone_args args;
args.argv = &argv[1];
int clone_flags = SIGCHLD;
// the result of this call is that our child_exec will be run in another
// process returning it's pid
pid_t pid =
clone(child_exec, child_stack + STACKSIZE, clone_flags, &args);
if (pid < 0) {
fprintf(stderr, "clone failed WTF!!!! %s\n", strerror(errno));
exit(EXIT_FAILURE);
}
// lets wait on our child process here before we, the parent, exits
if (waitpid(pid, NULL, 0) == -1) {
fprintf(stderr, "failed to wait pid %d\n", pid);
exit(EXIT_FAILURE);
}
exit(EXIT_SUCCESS);
}
@michrabi
Copy link

michrabi commented Jan 3, 2018

I get a 404 error for curl -sSL -o clone.c goo.gl/G45N5X :/

@kdridi
Copy link

kdridi commented Jul 3, 2018

@michrabi you can curl it from here : https://gist.githubusercontent.com/jessfraz/0d581a5085172c5ee2ba/raw/a5b3e257eb40e2e017228413f8f50b173ff2e917/clone.c

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment