Container

simple container implementation in go.

Material

1, Unprivileged containers on Go.

• Part1: User and PID namespaces
• Part2: UTS namespace (setup namespaces)
• Part3: Mount namespace
• Part4: Network namespace

2, Docker implemented in around 100 lines of bash.

• https://github.com/p8952/bocker

3, Code to accompany the "Namespaces in Go" series of articles.

• Part 1: Linux Namespaces
• Part 2: Namespaces in Go - Basics
• Part 3: Namespaces in Go - User
• Part 4: Namespaces in Go - reexec
• Part 5: Namespaces in Go - Mount
• Part 6: Namespaces in Go - Network
• Part 7: Namespaces in Go - UTS

4, Shell script to create network namespace.

• https://github.com/cssivision/container/blob/master/network-namespace.sh

5, Iptables

• a-deep-dive-into-iptables-and-netfilter-architecture
• Security Guide IPTables

Network

set dns resolver in container:

echo "nameserver 8.8.8.8" >> /etc/resolv.conf

set ip forward in host:

sysctl -w net.ipv4.ip_forward=1

Run

make config
make build
make run

after this, you can ping google.com, this should work.