final_container.c

#define _GNU_SOURCE

#include <sched.h>
#include <sys/syscall.h>
#include <unistd.h>
#include <stdio.h>
#include <sys/types.h>
#include <stdlib.h>
#include <sys/wait.h>
#include <errno.h>
#include <string.h>
#include <sys/mount.h>

// run_child is ran by the child process when it is created.
int run_child(void *arg)
{
    int ret_chroot = chroot("./rootfs");
    if (ret_chroot == -1) {
        printf("chroot failed: %s\n", strerror(errno));
        return 1;
    }

    int ret_chdir = chdir("/");
    if (ret_chdir == -1) {
        printf("chdir failed: %s\n", strerror(errno));
        return 1;
    }

    int ret_mount = mount("proc", "/proc", "proc", 0, NULL);
    if (ret_mount == -1) {
        printf("mount failed: %s\n", strerror(errno));
        return 1;
    }
    
    char *filename = (char *)arg;
    char *argv[] = {filename, NULL};

    int exec_ret = execv(filename, argv);
    if (exec_ret == -1)
    {
        printf("execv failed: %s\n", strerror(errno));
        return 1;
    }

    return 0;
}

int main(int argc, char *argv[])
{
    // allocates 1MB of stack for the child
    void *pchild_stack = malloc(1024 * 1024);
    if (pchild_stack == NULL)
    {
        printf("Failed to allocate stack for child\n");
        return -1;
    }

    if (argc < 2)
    {
        printf("Usage: %s <command>\n", argv[0]);
        return -1;
    }

    // clones the process
    pid_t pid = clone(
        run_child,                                            // function to run in the child
        pchild_stack + 1024 * 1024,                           // stack pointer
        CLONE_NEWPID | CLONE_NEWNS | SIGCHLD, // unshare the PID namespace (CLONE_NEWPID)
        argv[1]);                                             // argv[0] is the filename
    if (pid == -1)
    {
        printf("Failed to clone process: %s\n", strerror(errno));
        return -1;
    }

    // waits for the child to finish
    wait(NULL);

    // frees the stack
    free(pchild_stack);

    return 0;
}