[root@localhost ~]# docker run -it --rm busybox /bin/sh | |
/ # command -v groupadd | |
/ # echo $? | |
127 | |
/ # addgroup -g 1003 container | |
/ # echo $? | |
0 | |
/ # adduser -u 1003 -g 1003 container | |
adduser: uid '1003' in use | |
/ # echo $? |
[root@localhost ~]# docker run -it --rm busybox /bin/sh | |
/ # command -v groupadd | |
/ # echo $? | |
127 | |
/ # addgroup -g 1003 container | |
/ # echo $? | |
0 | |
/ # adduser -u 1003 -g 1003 container | |
adduser: uid '1003' in use | |
/ # echo $? |
{"mount_config":{"mounts":[{"type":"bind","source":"/var/lib/docker/init/dockerinit-1.0.1-dev","destination":"/.dockerinit","private":true},{"type":"bind","source":"/etc/resolv.conf","destination":"/etc/resolv.conf","private":true},{"type":"bind","source":"/var/lib/docker/containers/ff17757403e4b96fbb7a65dafe2dc8a3a21e809e3fa30e5d35d4f767fae267d3/hostname","destination":"/etc/hostname","private":true},{"type":"bind","source":"/var/lib/docker/containers/ff17757403e4b96fbb7a65dafe2dc8a3a21e809e3fa30e5d35d4f767fae267d3/hosts","destination":"/etc/hosts","private":true}],"device_nodes":[{"type":99,"path":"/dev/fuse","major_number":10,"minor_number":229,"cgroup_permissions":"rwm"},{"type":99,"path":"/dev/null","major_number":1,"minor_number":3,"cgroup_permissions":"rwm","file_mode":438},{"type":99,"path":"/dev/zero","major_number":1,"minor_number":5,"cgroup_permissions":"rwm","file_mode":438},{"type":99,"path":"/dev/full","major_number":1,"minor_number":7,"cgroup_permissions":"rwm","file_mode":438},{"type":99,"path |
{"mount_config":{"mounts":[{"type":"bind","source":"/var/lib/docker/init/dockerinit-1.0.1-dev","destination":"/.dockerinit","private":true},{"type":"bind","source":"/etc/resolv.conf","destination":"/etc/resolv.conf","private":true},{"type":"bind","source":"/var/lib/docker/containers/ff17757403e4b96fbb7a65dafe2dc8a3a21e809e3fa30e5d35d4f767fae267d3/hostname","destination":"/etc/hostname","private":true},{"type":"bind","source":"/var/lib/docker/containers/ff17757403e4b96fbb7a65dafe2dc8a3a21e809e3fa30e5d35d4f767fae267d3/hosts","destination":"/etc/hosts","private":true}],"device_nodes":[{"type":99,"path":"/dev/fuse","major_number":10,"minor_number":229,"cgroup_permissions":"rwm"},{"type":99,"path":"/dev/null","major_number":1,"minor_number":3,"cgroup_permissions":"rwm","file_mode":438},{"type":99,"path":"/dev/zero","major_number":1,"minor_number":5,"cgroup_permissions":"rwm","file_mode":438},{"type":99,"path":"/dev/full","major_number":1,"minor_number":7,"cgroup_permissions":"rwm","file_mode":438},{"type":99,"path |
[root@localhost rootfs]# nsinit exec /bin/bash | |
2014/06/26 21:50:00 EXEC USERNS | |
2014/06/26 21:50:00 &{MountConfig:0xc21001e3c0 Hostname:koye User:root WorkingDir: Env:[HOME=/ PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin HOSTNAME=koye TERM=xterm] Tty:true Namespaces:map[NEWIPC:true NEWNET:true NEWNS:true NEWPID:true NEWUTS:true NEWUSER:true] Capabilities:[CHOWN DAC_OVERRIDE FOWNER MKNOD NET_RAW SETGID SETUID SETFCAP SETPCAP NET_BIND_SERVICE SYS_CHROOT KILL] Networks:[0xc21004e310] Routes:[] Cgroups:0xc21000f6e0 AppArmorProfile: ProcessLabel: RestrictSys:true UidMappings:[{ContainerId:0 HostId:1013 Size:1} {ContainerId:1 HostId:1 Size:1012}] GidMappings:[{ContainerId:0 HostId:1013 Size:1} {ContainerId:1 HostId:1 Size:1012}]} | |
2014/06/26 21:50:00 1 | |
2014/06/26 21:50:00 proc: &{6 0 0} | |
2014/06/26 21:50:00 uid: [{ContainerId:0 HostId:1013 Size:1} {ContainerId:1 HostId:1 Size:1012}] | |
2014/06/26 21:50:00 0 1013 1 | |
1 1 1012 | |
2014/06/26 21:50:00 0 1013 1 | |
1 1 1012 |
diff -r 9895f9e36435 src/pkg/syscall/exec_linux.go | |
--- a/src/pkg/syscall/exec_linux.go Thu Jun 19 10:20:01 2014 +1000 | |
+++ b/src/pkg/syscall/exec_linux.go Wed Jul 30 14:03:39 2014 -0400 | |
@@ -36,7 +36,7 @@ | |
// For the same reason compiler does not race instrument it. | |
// The calls to RawSyscall are okay because they are assembly | |
// functions that do not grow the stack. | |
-func forkAndExecInChild(argv0 *byte, argv, envv []*byte, chroot, dir *byte, attr *ProcAttr, sys *SysProcAttr, pipe int) (pid int, err Errno) { | |
+func forkAndExecInChild(argv0 *byte, argv, envv []*byte, chroot, dir *byte, attr *ProcAttr, sys *SysProcAttr, child, parent int) (pid int, err Errno) { | |
// Declare all variables at top in case any |
package main | |
import ( | |
"log" | |
"os" | |
"os/exec" | |
"syscall" | |
) | |
func main() { |
2014/07/30 15:00:44 Command started | |
sh-4.2# mount -t proc proc /proc | |
sh-4.2# cat /proc/self/uid_map | |
0 1000 1 | |
sh-4.2# cat /proc/self/gid_map | |
0 1000 1 | |
sh-4.2# ps -ef | |
UID PID PPID C STIME TTY TIME CMD | |
root 1 0 0 15:00 pts/6 00:00:00 /bin/sh | |
root 5 1 0 15:01 pts/6 00:00:00 ps -ef |
[root@localhost ~]# ovs-vsctl show | |
60741b68-4d89-4cee-989c-1e5a7718731e | |
Bridge "br0" | |
fail_mode: secure | |
Port vethd | |
Interface vethd | |
Port vethc | |
Interface vethc | |
Port "vxlan0" | |
Interface "vxlan0" |
package main | |
import ( | |
"fmt" | |
"log" | |
docker "github.com/fsouza/go-dockerclient" | |
) | |
func main() { |