This is a proof of concept of a portable operating system a-la-docker.
It is a single binary that contains an image of an OS in SquashFS and the binary to run it.
Running make will build the binary with an embedded Alpine image. Running make havre-xenial will build a binary with an embedded Ubuntu image.
What does the binary do?
- locate the offset of the FS image within itself (based on magic numbers for gzip and lzma);
- mount it on a loop device;
- create a new namespace for a new process;
- call itself in the new namespace (via /proc/self/exe);
- chroot in the mounted image;
- finally execute the command and arguments that were passed in the execution.
For example:
sudo ./havre-alpine /bin/sh -l
executes a shell in the distribution that is embedded in the binary (alpine linux here).
The main idea has been taken from Liz Rice's talk "What is a container, really? Let's write one in Go from scratch". She took the idea from Julian Friedman's "Build Your Own Container Using Less than 100 Lines of Go".
I've simply added the principle of the embedded image and the code to mount it on a loopback device.
Warning: this is a POC. Error handling is badly tested, it should be run as root, and there is still a lot to do before it can actually be used in real life:
- Obviously some code cleaning and refactoring.
- Playing with CGroups...
- add some fun feature
- add even more fun features
- sharing
# Running locally... I see all the PIDs
$ ps auxww | wc -l
199
# Entering the "chroot and namespace"
$ sudo ./havre-alpine run /bin/sh -l
localhost:/# cat /etc/alpine-release
3.6.2
# I see only my processes
localhost:/# ps auxww
PID USER TIME COMMAND
1 root 0:00 /proc/self/exe child /tmp/.havre689486390 /bin/sh -l
5 root 0:00 /bin/sh -l
6 root 0:00 ps auxww
All the system logic is in main.go.
The file offset.go is just a helper to locate the offset and does not carry any system logic for the container.
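The offset lookup is the step that decides which bytes of the file get loop-mounted as root, so a bare magic-number match is worth hardening. The following is an added example, not the project's offset.go: it swaps the gzip/lzma magic numbers for the SquashFS superblock magic `hsqs` and sanity-checks the header fields of each candidate, because the same four bytes can also occur inside the launcher itself. `FindImage` and `Sample` are hypothetical names, and the sample bytes are constructed (a bare superblock, not a mountable image).

```go
package main

import (
	"bytes"
	"encoding/binary"
	"fmt"
)

// SquashFS 4.x superblock fields (little-endian), offsets from image start.
const (
	offBlockSize = 12 // u32
	offBlockLog  = 22 // u16, log2 of the block size
	offMajor     = 28 // u16, 4 for SquashFS 4.x
	offBytesUsed = 40 // u64, total image size in bytes
	sbLen        = 96 // size of the superblock
)

// FindImage returns the offset of the first superblock that passes sanity checks.
func FindImage(data []byte) (int, error) {
	le := binary.LittleEndian
	for off := 0; off+sbLen <= len(data); off++ {
		sb := data[off:]
		if !bytes.HasPrefix(sb, []byte("hsqs")) {
			continue
		}
		log := le.Uint16(sb[offBlockLog:])
		used := le.Uint64(sb[offBytesUsed:])
		if le.Uint16(sb[offMajor:]) == 4 && log >= 12 && log <= 20 &&
			le.Uint32(sb[offBlockSize:]) == 1<<log &&
			used >= sbLen && used <= uint64(len(sb)) {
			return off, nil
		}
	}
	return 0, fmt.Errorf("no valid SquashFS superblock in %d bytes", len(data))
}

// Sample is constructed input: a decoy magic at 10, a bare superblock at 64.
func Sample() []byte {
	b := make([]byte, 64+sbLen)
	copy(b[10:], "hsqs") // decoy inside the "launcher" part
	sb, le := b[64:], binary.LittleEndian
	copy(sb, "hsqs")
	le.PutUint32(sb[offBlockSize:], 131072)
	le.PutUint16(sb[offBlockLog:], 17)
	le.PutUint16(sb[offMajor:], 4)
	le.PutUint64(sb[offBytesUsed:], sbLen)
	return b
}

func main() { fmt.Println(FindImage(Sample())) }
```

The bytes_used check also rejects a truncated binary, where the superblock claims more data than the file actually holds.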
You should check out Darch. It does something similar, but you can boot natively into the images.
https://pknopf.com/post/2018-11-09-give-ubuntu-darch-a-quick-ride-in-a-virtual-machine/