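/// Entry point: starts one child in fresh UTS/IPC/PID/mount/user namespaces,
/// maps the caller's uid/gid to id 0 inside the child's user namespace, then
/// releases the child by closing the pipe's write end and waits for it.
/// Returns 0 on success, 1 if pipe() or clone() fails (error goes to stderr).
int main() {
    const int gid = getgid();
    const int uid = getuid();

    char content[128];
    format_string(content);  // project helper that fills `content`; its contract is not visible here
    format_print("Parent", content);

    // The pipe is the parent->child "id mappings are written" signal: the child
    // is expected to block on the read end until the parent closes its write end.
    if (pipe(pipefd) < 0) {
        perror("pipe");
        return 1;
    }

    format_print("Parent", "start a container!");
    const int container_pid = clone(container_main, container_stack + STACK_SIZE,
                                    CLONE_NEWUTS | CLONE_NEWIPC | CLONE_NEWPID |
                                    CLONE_NEWNS | CLONE_NEWUSER | SIGCHLD,
                                    NULL);
    if (container_pid < 0) {
        // Unchecked, a failed clone() (-1) would make the mapping helpers write
        // to /proc/-1/uid_map and the parent would wait on a non-existent child.
        perror("clone");
        close(pipefd[0]);
        close(pipefd[1]);
        return 1;
    }

    char content2[64];
    // snprintf is bounded by the buffer size, unlike the original sprintf.
    snprintf(content2, sizeof content2, "Container [%5d]!", container_pid);
    format_print("Parent", content2);

    // Map uid/gid 0 inside the new user namespace to the (unprivileged) caller.
    // NOTE(review): set_uid_map/set_gid_map are defined elsewhere. On kernels
    // >= 3.19 an unprivileged parent must write "deny" to /proc/PID/setgroups
    // before gid_map can be written -- confirm set_gid_map does that, otherwise
    // the gid mapping silently fails and the child keeps the overflow gid.
    set_uid_map(container_pid, 0, uid, 1);
    set_gid_map(container_pid, 0, gid, 1);
    format_print("Parent", "user/group mapping done!");

    // Closing the write end lets the child's read() reach EOF and proceed; the
    // read end is closed as well so the parent keeps no stale descriptor.
    close(pipefd[1]);
    close(pipefd[0]);

    waitpid(container_pid, NULL, 0);
    format_print("Parent", "container stopped!");
    return 0;
}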
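/// Entry point: runs `argv[1]` (default "/bin/bash") inside a child created
/// with new PID, mount and user namespaces, maps the caller's uid/gid to id 0
/// in that user namespace, then waits for the child and prints its wait status.
/// Returns 0 after the child exits; exits with EXIT_FAILURE if pipe() or
/// clone() fails (error details go to stderr, not stdout).
int main(int argc, char** argv) {
    // CommandArgs::AddArg takes a non-const pointer, hence the cast on the literal.
    char* command = const_cast<char*>("/bin/bash");
    if (argc >= 2) {
        command = argv[1];
    }

    const int gid = getgid();
    const int uid = getuid();
    printf("Parent: eUID = %ld; eGID = %ld, UID=%ld, GID=%ld\n",
           (long) geteuid(), (long) getegid(), (long) getuid(), (long) getgid());

    // The pipe is the parent->child "id mappings are written" signal; the
    // parent closes both ends once the mappings are in place.
    if (pipe(pipefd) < 0) {
        fprintf(stderr, "Error: pipe failed: %d, %s\n", errno, strerror(errno));
        exit(EXIT_FAILURE);
    }
    printf("Parent [%d] - start a container!\n", getpid());

    // std::auto_ptr was deprecated in C++11 and removed in C++17; unique_ptr is
    // the drop-in owner (same <memory> header). clone() is called without
    // CLONE_VM, so the child works on its own copy of this object and the
    // parent's later release cannot affect it.
    std::unique_ptr<CommandArgs> container_args(new CommandArgs);
    container_args->AddArg(command);

    const int clone_flags = SIGCHLD | CLONE_NEWPID | CLONE_NEWNS | CLONE_NEWUSER;
    const int container_pid = clone(container_main, container_stack + STACK_SIZE,
                                    clone_flags, container_args.get());
    if (container_pid < 0) {
        fprintf(stderr, "Error: clone failed: %d, %s\n", errno, strerror(errno));
        exit(EXIT_FAILURE);
    }
    printf("Parent [%5d] - Container [%5d]!\n", getpid(), container_pid);

    // map current user to root in child namespace
    // NOTE(review): set_uid_map/set_gid_map are defined elsewhere. On kernels
    // >= 3.19 an unprivileged parent must write "deny" to /proc/PID/setgroups
    // before gid_map can be written -- confirm set_gid_map does that.
    set_uid_map(container_pid, 0, uid, 1);
    set_gid_map(container_pid, 0, gid, 1);
    printf("Parent [%5d] - user/group mapping done!\n", getpid());

    // Release the child: once every write end is closed its read() sees EOF.
    close(pipefd[0]);
    close(pipefd[1]);

    int container_status = 0;
    waitpid(container_pid, &container_status, 0);
    // Raw wait status; decode with WIFEXITED/WEXITSTATUS if the exit code matters.
    printf("Parent - container stopped! status: %d\n", container_status);
    return 0;
}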
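/// Entry point: starts one child in fresh UTS/PID/mount/user namespaces, maps
/// the caller's uid/gid to id 0 inside the child's user namespace, then
/// releases the child by closing the pipe's write end and waits for it.
/// Returns 0 on success, 1 if pipe() or clone() fails (error goes to stderr).
int main() {
    const int gid = getgid();
    const int uid = getuid();
    printf("Parent: eUID = %ld; eGID = %ld, UID=%ld, GID=%ld\n",
           (long) geteuid(), (long) getegid(), (long) getuid(), (long) getgid());

    // The pipe is the parent->child "id mappings are written" signal: the child
    // is expected to block on the read end until the parent closes its write end.
    if (pipe(pipefd) < 0) {
        perror("pipe");
        return 1;
    }

    printf("Parent [%5d] - start a container!\n", getpid());
    const int container_pid = clone(container_main, container_stack + STACK_SIZE,
                                    CLONE_NEWUTS | CLONE_NEWPID | CLONE_NEWNS |
                                    CLONE_NEWUSER | SIGCHLD,
                                    NULL);
    if (container_pid < 0) {
        // Unchecked, a failed clone() (-1) would make the mapping helpers write
        // to /proc/-1/uid_map and the parent would wait on a non-existent child.
        perror("clone");
        close(pipefd[0]);
        close(pipefd[1]);
        return 1;
    }
    printf("Parent [%5d] - Container [%5d]!\n", getpid(), container_pid);

    // To map the uid/gid, the parent edits /proc/PID/uid_map (or gid_map).
    // File format: ID-inside-ns ID-outside-ns length
    // Without a mapping the uid is taken from /proc/sys/kernel/overflowuid and
    // the gid from /proc/sys/kernel/overflowgid.
    // NOTE(review): on kernels >= 3.19 an unprivileged parent must write "deny"
    // to /proc/PID/setgroups before gid_map can be written -- confirm
    // set_gid_map (defined elsewhere) does that.
    set_uid_map(container_pid, 0, uid, 1);
    set_gid_map(container_pid, 0, gid, 1);
    printf("Parent [%5d] - user/group mapping done!\n", getpid());

    /* Notify the child: closing the write end lets its read() reach EOF. The
       read end is closed as well so the parent keeps no stale descriptor. */
    close(pipefd[1]);
    close(pipefd[0]);

    waitpid(container_pid, NULL, 0);
    printf("Parent - container stopped!\n");
    return 0;
}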