-
-
Save jvns/ea2e4d572b4e2285148b8e87f70eed73 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # you have to run this as root | |
| # It only runs on Linux (namespaces and cgroups only exist on Linux) | |
| # if you don't have it, cgcreate is in the libcgroup package | |
| set -eux # let's be safe | |
| # Download the container (it's in a github gist published by my github account) | |
| # This is just the frapsoft/fish Fish Docker container flattened into a single tarball | |
| # You can also easily make your own tarball to run instead of this one with `docker export` | |
| wget bit.ly/fish-container -O fish.tar | |
| # extract fish.tar into a directory | |
| mkdir container-root | |
| cd container-root | |
| tar -xf ../fish.tar | |
| # generate a random cgroup id | |
| uuid="cgroup_$(shuf -i 1000-2000 -n 1)" | |
| # create the cgroup | |
| cgcreate -g "cpu,cpuacct,memory:$uuid" | |
| # assign CPU/memory limits to the cgroup | |
| cgset -r cpu.shares=512 "$uuid" | |
| cgset -r memory.limit_in_bytes=1000000000 "$uuid" | |
| # The following line does a lot of work: | |
| # 1. cgexec: use our new cgroup | |
| # 2. unshare: make and use a new PID, network, hostname, and mount namespace | |
| # 3. chroot: change root directory to current directory | |
| # 4. mount: use the right /proc in our new mount namespace | |
| # 5. hostname: change the hostname in the new hostname namespace to something fun | |
| cgexec -g "cpu,cpuacct,memory:$uuid" \ | |
| unshare -fmuipn --mount-proc \ | |
| chroot "$PWD" \ | |
| /bin/sh -c "/bin/mount -t proc proc /proc && hostname container-fun-times && /usr/bin/fish" | |
| # Here are ome fun things to try once you're running your container! | |
| # Run them both in the container and in a normal shell and see the difference | |
| # - ps aux | |
| # - ifconfig | |
| # - hostname |
vosechu
commented
Feb 25, 2024
via email
Awesome, thank you! I’ll see if I can make a new one for arm and I’ll post
the instructions for future generations.
…On Tue, Feb 20, 2024 at 9:30 PM Julia Evans ***@***.***> wrote:
***@***.**** commented on this gist.
------------------------------
I don't remember exactly, but I think I made a Docker container and then
used docker export to export it as a tarball
—
Reply to this email directly, view it on GitHub
<https://gist.github.com/jvns/ea2e4d572b4e2285148b8e87f70eed73#gistcomment-4921047>
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAACZR6FJSSBQEZNHDDMPADYUVL2TBFKMF2HI4TJMJ2XIZLTSKBKK5TBNR2WLJDUOJ2WLJDOMFWWLO3UNBZGKYLEL5YGC4TUNFRWS4DBNZ2F6YLDORUXM2LUPGBKK5TBNR2WLJDHNFZXJJDOMFWWLK3UNBZGKYLEL52HS4DFVRZXKYTKMVRXIX3UPFYGLK2HNFZXIQ3PNVWWK3TUUZ2G64DJMNZZDAVEOR4XAZNEM5UXG5FFOZQWY5LFVEYTAMJTGM4DEMJUU52HE2LHM5SXFJTDOJSWC5DF>
.
You are receiving this email because you commented on the thread.
Triage notifications on the go with GitHub Mobile for iOS
<https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675>
or Android
<https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub>
.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment