mount namespace

 

 

root@ubuntu:/home/ubuntu/test/learning/namespaces/Mount_001# go run Mount_001.go run

ERRO[0000] no such file or directory                    
root@nshost:/# 
root@nshost:/# exit
exit
ERRO[0003] no such file or directory                    
root@ubuntu:/home/ubuntu/test/learning/namespaces/Mount_001# ls /root/docker/container/rootfs/
bin  boot  client  dev  docker-entrypoint.d  docker-entrypoint.sh  etc  home  lib  media  mnt  opt  proc  root  run  sbin  server  srv  sys  tmp  unixsock  usr  var
root@ubuntu:/home/ubuntu/test/learning/namespaces/Mount_001# mkdir -p /root/docker/container/rootfs/godir
root@ubuntu:/home/ubuntu/test/learning/namespaces/Mount_001# go run Mount_001.go run
ERRO[0000] no such file or directory                    
root@nshost:/# exit
exit
ERRO[0005] no such file or directory                    
root@ubuntu:/home/ubuntu/test/learning/namespaces/Mount_001# rm -rf /root/docker/container/rootfs/godir
root@ubuntu:/home/ubuntu/test/learning/namespaces/Mount_001# mkdir -p /root/docker/container/rootfs/temp
root@ubuntu:/home/ubuntu/test/learning/namespaces/Mount_001# go run Mount_001.go run
root@nshost:/# 

 

 

 

root@ubuntu:/home/ubuntu/test/learning/namespaces/Mount_001# go run Mount_001.go run
root@nshost:/# ls
bin  boot  client  dev  docker-entrypoint.d  docker-entrypoint.sh  etc  home  lib  media  mnt  opt  proc  root  run  sbin  server  srv  sys  temp  tmp  unixsock  usr  var
root@nshost:/# ls temp/
root@nshost:/# mount
/dev/sdc3 on /unixsock type ext4 (rw,relatime,errors=remount-ro,stripe=64)
proc on /proc type proc (rw,relatime)
godir on /temp type tmpfs (rw,relatime)
root@nshost:/# 

 

 

 

 host上

 

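 这是因为现在还没有添加挂载点的隔离。需要注意,仅靠 CLONE_NEWNS 创建新的 mount namespace 并不一定足够:如果 host 的根挂载是 shared 传播(systemd 默认如此),新 namespace 中的挂载仍会传播到 host,还需要把 / 递归设置为 private。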

容器退出

 

 

 

host上也没有了

 

 

package main

import (
        "os"
        "os/exec"
        "syscall"

        "github.com/sirupsen/logrus"
)

// check reports a non-nil err through logrus at error level and then returns.
//
// It never stops the program: the caller keeps executing after a failure, so
// a step that must not be skipped (for example the chroot that confines the
// container command) needs its own error handling instead of check.
func check(err error) {
        if err == nil {
                return
        }
        logrus.Errorln(err)
}

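// run re-executes the current binary (/proc/self/exe) with the "child"
// subcommand inside new UTS, PID and mount namespaces. os.Args[2:] and the
// standard streams are forwarded to the child. A failure of the child is
// logged through check, not returned.
func run() {
        logrus.Info("Setting up...")
        cmd := exec.Command("/proc/self/exe", append([]string{"child"}, os.Args[2:]...)...)
        cmd.Stdin = os.Stdin
        cmd.Stdout = os.Stdout
        cmd.Stderr = os.Stderr
        cmd.SysProcAttr = &syscall.SysProcAttr{
                Cloneflags: syscall.CLONE_NEWUTS | syscall.CLONE_NEWPID | syscall.CLONE_NEWNS,
                // A new mount namespace starts as a copy of the parent's mounts,
                // including their propagation type. When the host root is a
                // shared mount (the systemd default), mounts made by the child
                // would still propagate back to the host. With CLONE_NEWNS in
                // Unshareflags, Go's syscall package marks "/" recursively
                // private in the child before exec, so its mounts stay inside.
                Unshareflags: syscall.CLONE_NEWNS,
        }
        check(cmd.Run())
}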

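// child is the re-exec entry point started by run inside the new namespaces.
// It sets the hostname, chroots into the container root filesystem, mounts
// proc and a tmpfs, runs the requested command, and unmounts what it mounted
// once the command returns.
//
// os.Args[2] is the command to execute and os.Args[3:] are its arguments.
func child() {
        // Without a command, os.Args[2] below would panic with an index out of range.
        if len(os.Args) < 3 {
                logrus.Errorf("missing command to run")
                return
        }
        logrus.Infof("Running %v", os.Args[2:])
        // NOTE(review): exec.Command resolves a bare command name against PATH
        // right here, i.e. before the chroot below; an absolute path avoids any
        // mismatch between the host and the container filesystem.
        cmd := exec.Command(os.Args[2], os.Args[3:]...)
        cmd.Stdin = os.Stdin
        cmd.Stdout = os.Stdout
        cmd.Stderr = os.Stderr
        check(syscall.Sethostname([]byte("newhost")))

        // Container root filesystem. (The original note mentions
        // "/root/go/src/PID_001/busybox", the directory where busybox was extracted.)
        // Chroot and Chdir are not best-effort: if either fails, the mounts and
        // the command below would act on the caller's filesystem instead of the
        // container root, so stop here.
        if err := syscall.Chroot("/root/docker/container/rootfs/"); err != nil {
                logrus.Errorln(err)
                return
        }
        if err := os.Chdir("/"); err != nil {
                logrus.Errorln(err)
                return
        }

        // func Mount(source string, target string, fstype string, flags uintptr, data string) (err error)
        // The first three arguments are the filesystem (source) name, the path
        // it is mounted on, and the filesystem type. The relative targets
        // resolve against "/" inside the chroot.
        // NOTE(review): both mounts use flags 0; consider MS_NOSUID|MS_NODEV
        // if the container command is not trusted.
        procErr := syscall.Mount("proc", "proc", "proc", 0, "")
        check(procErr)
        // "godir" is only the source name shown in the mount table; it can be
        // changed to something more distinctive. The mount point is "temp".
        tmpErr := syscall.Mount("godir", "temp", "tmpfs", 0, "")
        check(tmpErr)

        check(cmd.Run())

        // Unmount takes the mount point, not the source name, so the tmpfs is
        // released via "temp" ("godir" is not a path). Only undo mounts that
        // succeeded above, so a mount made by someone else is left alone.
        if procErr == nil {
                check(syscall.Unmount("proc", 0))
        }
        if tmpErr == nil {
                check(syscall.Unmount("temp", 0))
        }
}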

// main dispatches on the first command-line argument: "run" sets up the
// namespaces and re-executes this binary, and "child" is the entry point
// that run invokes inside them. Anything else is logged as an error.
func main() {
        if len(os.Args) <= 1 {
                logrus.Errorf("missing commands")
                return
        }
        handlers := map[string]func(){
                "run":   run,
                "child": child,
        }
        handler, known := handlers[os.Args[1]]
        if !known {
                logrus.Errorf("wrong command")
                return
        }
        handler()
}

 

 

 

 

 

 

 

 

posted on 2020-11-24 16:58  tycoon3
