Container namespaces and cgroups
############################# UTS #############################
# UTS namespace: isolates hostname and NIS domain name. The steps below are
# interactive; each line is typed in order, and the namespaced shell is left
# with `exit`.
sudo su                      # remaining steps run as root
hostname                     # hostname as seen from the host
unshare --uts /bin/sh        # new /bin/sh in a fresh UTS namespace
hostname my-new-hostname     # sets the hostname inside the new namespace only
hostname                     # shows my-new-hostname
exit                         # leave the namespaced shell
hostname                     # back on the host: expected to be the original name
############################# PID #############################
# PID namespace: a process inside sees only PIDs of its own namespace (and
# children), numbered from 1. `ps` reads /proc, which here is still the host's
# /proc (no remount), so the listing inside the new namespace still shows the
# host's processes; the Chroot section below mounts a fresh proc to fix that.
ps aux # list process list
sleep 1000 &                 # background process started on the host
sudo unshare --pid --fork /bin/sh   # --fork: the new shell becomes PID 1 of the new namespace
ps aux
kill -9 <PID of sleep 1000> # expected to fail: the host's PID is not addressable from inside the child PID namespace
sleep 2000 &                 # started inside the first PID namespace
pstree
unshare --pid --fork /bin/sh # nested PID namespace inside the previous one
sleep 3000 &                 # started inside the nested namespace
pstree
pstree -p # list process tree and two sleep process
############################# Chroot #############################
# Chroot + PID namespace: run a shell whose root directory is an Alpine
# mini rootfs and whose PID namespace is fresh.
# NOTE(review): chroot only changes the filesystem view; on its own it is not a
# security boundary (no mount/net/user isolation, and root can still escape).
sudo su
mkdir rootfs
# NOTE(review): the rootfs is fetched over plain HTTP with no checksum or
# signature verification. Before extracting, compare it against the published
# checksum, e.g. `sha256sum alpine.tar.gz` vs <expected sha256 from the Alpine
# release page>, so a tampered or truncated archive is not used as a root fs.
curl -L --progress-bar \
http://dl-cdn.alpinelinux.org/alpine/v3.9/releases/x86_64/alpine-minirootfs-3.9.0-x86_64.tar.gz \
-o alpine.tar.gz
# NOTE(review): curl above wrote alpine.tar.gz to the current directory;
# this absolute path presumably refers to the same file — confirm.
sudo tar -xzf /home/dhanushka/lecture/alpine.tar.gz -C rootfs
sudo unshare --pid --fork chroot rootfs /bin/sh   # new PID namespace, then chroot into rootfs
ls
ps aux # ps fails: /proc is not mounted inside the chroot yet
mount -t proc proc /proc # mount a proc instance for this PID namespace
sleep 1000 &
ps aux                       # should now list only processes of this namespace
ls /proc/<PID of sleep>      # the sleep's /proc entry exists under its namespace-local PID
kill -9 <PID>                # namespace-local PID, so this one can be signalled
############################# Mount #############################
# Mount namespace: first without --mount (the bind mount is visible to the
# host), then with --mount (the bind mount stays private to the namespace).
# Presumably still running as root from the earlier `sudo su`, since
# unshare --mount needs CAP_SYS_ADMIN — confirm.
unshare /bin/sh              # no namespace flags: this shell shares every namespace with the host
mkdir source
touch source/hello
mkdir target
sudo mount --bind source target
ls target # source is mounted here
exit # exit to root NS
ls target # still target is shared: the mount happened in the host's mount namespace
umount target # remove mount
------------------
unshare --mount /bin/sh      # new mount namespace
mount --bind source target   # bind mount scoped to this namespace
ls target                    # shows hello
exit # exit to root NS
ls target                    # expected to be empty: the bind mount did not propagate to the host
############################# User #############################
# User namespace: uid/gid mappings. Without a mapping written to
# /proc/<pid>/uid_map the shell's uid is unmapped and reports as nobody.
unshare /bin/sh              # no namespace flags
id # listed as the unprivileged calling user
sudo unshare /bin/sh
id # listed as the privileged (root) user
unshare --user /bin/sh       # new user namespace, no uid/gid mapping set up
id # nobody user (unmapped uid)
############################# network #############################
# Network namespace: a fresh namespace has only loopback; a veth pair is then
# created with one end inside the namespace and one end on the host.
# NOTE(review): the veth pair connects the isolated namespace back to the
# host's network namespace, so the isolation is only as strong as what the
# host side routes/filters on ve2.
ip a # list current network interfaces and addresses
ip link # list network interfaces (link layer); `ip route` lists the routing table
unshare /bin/sh              # no --net: shares the host's network namespace
ip a # same as the root networks
ip link # NOTE(review): without --net this should match the host's link list — confirm
sudo unshare --net /bin/sh   # new network namespace
ip a # only loop back address
echo $$ # PID of this namespaced shell; used below to address its network namespace
# Run the next command from a separate host shell: ve1 is placed in the
# namespace of <current PID>, ve2 in the network namespace of PID 1 (the host).
sudo ip link add ve1 netns <current PID> type veth peer name ve2 netns 1
ip link # ve1 now appears inside the namespace (one end of the veth pair)
ip link set ve1 up # bring the interface up
# in a second host shell
sudo ip link set ve2 up
# in container
ip addr add 192.168.1.100/24 dev ve1
ip a # new ip assigned
ip route # list ip route
# in host
sudo ip addr add 192.168.1.200/24 dev ve2   # same /24 as ve1, so both ends are on-link
ip a # new ip assigned
ip route # list ip route
# in container
ping 192.168.1.200           # reaches the host end of the pair
# in host
ping 192.168.1.100           # reaches the namespace end of the pair
sudo ip link delete ve2 # delete link (presumably removes both ends of the veth pair — confirm)
############################# IPC #############################
# IPC namespace: System V IPC objects are per-namespace.
ipcs # list all IPC
ipcmk -M 10                  # -M creates a shared memory segment (of 10 bytes); -Q would create a message queue
ipcs # new shared memory segment listed
unshare /bin/sh              # no --ipc: shares the host's IPC namespace
ipcs # segment still showing
unshare --ipc /bin/sh        # new IPC namespace
ipcs # empty IPC
# in host
ipcrm -M <Queue key>         # -M removes the shared memory segment by key (matching ipcmk -M above)
############################# CGroups #############################
# cgroup (v1 pids controller): cap the number of PIDs a cgroup may hold.
# Paths assume the v1 hierarchy under /sys/fs/cgroup/pids; on a cgroup v2
# (unified) host the files live under a sub-cgroup of /sys/fs/cgroup instead.
cd /sys/fs/cgroup/pids
sudo mkdir test              # creates child cgroup "test" (the kernel populates it with control files)
ls test
sudo unshare --pid --fork /bin/sh
sleep 5000 &
sleep 5000 &
# host
cd /sys/fs/cgroup/pids
pstree -p # get parent pid
pstree <pid> -p # if you can't see the full list
# NOTE(review): the two writes below target the controller root, not the
# test/ cgroup created above; the root cgroup has no pids.max, so presumably
# the intent is `cd /sys/fs/cgroup/pids/test` first — confirm.
echo 3 | sudo tee pids.max # set max pid set as 3
echo "<parent pid>" | sudo tee cgroup.procs # move the namespaced shell into this cgroup (children started earlier stay where they were)
cat pids.current             # PIDs currently charged to this cgroup
# guest
sleep 5000 &
sleep 5000 & # expected to fail once pids.current would exceed pids.max