```bash
# you have to run this as root
# It only runs on Linux (namespaces and cgroups only exist on Linux)
# if you don't have it, cgcreate is in the libcgroup package
set -eux # let's be safe
# Download the container (it's in a github gist published by my github account)
# This is just the frapsoft/fish Fish Docker container flattened into a single tarball
# You can also easily make your own tarball to run instead of this one with `docker export`
wget bit.ly/fish-container -O fish.tar
# extract fish.tar into a directory
mkdir container-root
cd container-root
tar -xf ../fish.tar
# generate a random cgroup id
uuid="cgroup_$(shuf -i 1000-2000 -n 1)"
# create the cgroup
cgcreate -g "cpu,cpuacct,memory:$uuid"
# assign CPU/memory limits to the cgroup
cgset -r cpu.shares=512 "$uuid"
cgset -r memory.limit_in_bytes=1000000000 "$uuid"
# The following line does a lot of work:
# 1. cgexec: use our new cgroup
# 2. unshare: make and use a new PID, network, hostname (UTS), IPC, and mount namespace
# 3. chroot: change root directory to current directory
# 4. mount: use the right /proc in our new mount namespace
# 5. hostname: change the hostname in the new hostname namespace to something fun
cgexec -g "cpu,cpuacct,memory:$uuid" \
    unshare -fmuipn --mount-proc \
    chroot "$PWD" \
    /bin/sh -c "/bin/mount -t proc proc /proc && hostname container-fun-times && /usr/bin/fish"
# Here are some fun things to try once you're running your container!
# Run them both in the container and in a normal shell and see the difference
# - ps aux
# - ifconfig
# - hostname
```
@jvns Ah, thank you for asking. I was using `multipass` to start a full
linux vm.
I’m going to try to download a new fish-container, but I’ve run into an
interesting rabbit hole in trying to get a docker image as a tarball. I
thought `docker save` would have done it, but that outputs all the layers
as independent tarballs. That’s cool, but it’s not really the same thing. :)
How did you get the original fish-container? Did you build it from scratch?
…On Tue, Feb 20, 2024 at 3:40 PM Julia Evans ***@***.***> wrote:
@vosechu <https://github.com/vosechu> just to check: is your Mac running
Linux? This script only works on Linux.
I don't remember exactly, but I think I made a Docker container and then used `docker export` to export it as a tarball
Awesome, thank you! I’ll see if I can make a new one for arm and I’ll post
the instructions for future generations.
…On Tue, Feb 20, 2024 at 9:30 PM Julia Evans ***@***.***> wrote:
I don't remember exactly, but I think I made a Docker container and then
used docker export to export it as a tarball
Re: @vosechu’s comment, we managed to get this working! Both on M1 macs, we still used multipass for a linux vm.
We pulled the dideler/fish-shell:3.6.1 (the most recent version for arm64/v8) image, and spun up a container. With the container running, in another tab, we used `docker export` to create a new tarball like @ndom91 and @jvns mentioned. Then used @ndom91’s updates for cgroups v2, which worked like a charm.
My friends and I tried to run this today on an M1 mac and of course, got an `Exec format error`. When we ran `file bin/sh` it says it's built for x86-64 (which I believe is intel, not ARM). So if people get that error, that's why. We didn't find a way around it before the end of our timebox.

Thank you @ndom91 for the updated instructions! That was really helpful and got us almost to the end!
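
The `Exec format error` reported in the comment above comes from a rootfs built for a different CPU architecture than the host. As an added example (not part of the gist or of any commenter's code), this pre-flight check reads the ELF header of the rootfs's `/bin/sh` and compares it with the host architecture before `chroot`; the function names and the constructed sample rootfs are assumptions made for illustration.

```shell
# Added example, not from the gist; function names are illustrative.
# elf_machine FILE: print the architecture named in the ELF header (e_machine).
elf_machine() {
    f=$1
    magic=$(od -An -tx1 -N4 "$f" | tr -d ' \n')
    [ "$magic" = "7f454c46" ] || return 1            # not an ELF file
    data=$(od -An -tu1 -j5 -N1 "$f" | tr -d ' \n')  # EI_DATA: 1 = LE, 2 = BE
    set -- $(od -An -tu1 -j18 -N2 "$f")              # e_machine, 2 bytes
    [ $# -eq 2 ] || return 1                         # header too short
    if [ "$data" = 2 ]; then m=$(($1 * 256 + $2)); else m=$(($2 * 256 + $1)); fi
    case $m in
        3) echo i386 ;; 40) echo arm ;; 62) echo x86_64 ;;
        183) echo aarch64 ;; 243) echo riscv ;; *) echo "unknown($m)" ;;
    esac
}

# resolve_in_root ROOT PATH: follow a symlinked file the way the chroot would,
# so an absolute link such as /bin/sh -> /bin/busybox stays inside ROOT.
# (Only the final path component is resolved; directory links are not.)
resolve_in_root() {
    root=$1 p=$2 n=0
    while [ -L "$root$p" ] && [ "$n" -lt 16 ]; do
        t=$(readlink "$root$p")
        case $t in /*) p=$t ;; *) p=$(dirname "$p")/$t ;; esac
        n=$((n + 1))
    done
    echo "$root$p"
}

# check_rootfs_arch ROOT [HOST_ARCH]: 0 = match, 1 = mismatch, 2 = unreadable.
check_rootfs_arch() {
    host=${2:-$(uname -m)}
    case $host in arm64) host=aarch64 ;; armv*) host=arm ;; i?86) host=i386 ;; riscv*) host=riscv ;; esac
    bin=$(resolve_in_root "$1" /bin/sh)
    got=$(elf_machine "$bin") || { echo "no readable ELF at $bin" >&2; return 2; }
    [ "$got" = "$host" ] && return 0
    echo "rootfs /bin/sh is $got, host is $host: expect 'Exec format error'" >&2
    return 1
}

# Constructed sample: a 20-byte little-endian ELF64 header, $2 = e_machine (octal).
make_sample_rootfs() {
    mkdir -p "$1/bin"
    { printf '\177ELF\002\001\001\000\000\000\000\000\000\000\000\000\002\000'
      printf "\\$2\\000"; } > "$1/bin/busybox"
    ln -sf /bin/busybox "$1/bin/sh"
}

# Demo: a constructed x86-64 rootfs checked against an arm64 host.
demo=$(mktemp -d); make_sample_rootfs "$demo" 076
check_rootfs_arch "$demo" aarch64 || echo "refusing to chroot into $demo"
rm -rf "$demo"
```

In the gist's script, the call would be `check_rootfs_arch "$PWD"` just before the `cgexec` line, so a mismatched tarball fails with a clear message instead of inside the new namespaces.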