#define _GNU_SOURCE
#include <sys/types.h>
#include <sys/wait.h>
#include <stdio.h>
#include <sched.h>
#include <signal.h>
#include <unistd.h>
/* 定义一个给 clone 用的栈,栈大小1M */
#define STACK_SIZE (1024 * 1024)
static char container_stack[STACK_SIZE];
char* const container_args[] = {
"/bin/bash",
NULL
};
int container_main(void* arg)
{
printf("Container - inside the container!\n");
sethostname("container",10); /* 设置hostname */
execv(container_args[0], container_args);
printf("Something's wrong!\n");
return 1;
}
int main()
{
printf("Parent - start a container!\n");
int container_pid = clone(container_main, container_stack+STACK_SIZE,
CLONE_NEWUTS | SIGCHLD, NULL); /*启用CLONE_NEWUTS Namespace隔离 */
waitpid(container_pid, NULL, 0);
printf("Parent - container stopped!\n");
return 0;
}
[root@dock01 C]# gcc -o ns ns.c
[root@dock01 C]# ./ns
Parent - start a container!
Container - inside the container!
[root@container C]# hostname
container
[root@container C]# ls -ltr /tmp/
total 0
-rw-r--r-- 1 root root 0 Dec 7 05:25 dd
-rw-r--r-- 1 root root 0 Dec 7 05:25 cc
-rw-r--r-- 1 root root 0 Dec 7 05:25 bb
-rw-r--r-- 1 root root 0 Dec 7 05:25 aa
mount("none", "/tmp", "tmpfs", 0, "");
execv(container_args[0], container_args);
[root@dock01 C]# ./ns
Parent - start a container!
Container - inside the container!
[root@container C]# ls -ltr /tmp/
total 0
1174
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
