Building a Container From Scratch

  • clone flags; when executing (or cloning) a process, setting these flags can modify semantics.
    • CLONE_NEWPID creates a new process namespace (the cloned process is PID 1)
    • CLONE_NEWUTS creates a new “UNIX timesharing system” namespace, which (apparently) means hostname isolation.
  • /proc/self/exe: is a copy of the currently executing process. The current process can even exec this process to create a copy.
  • ps uses /proc internally.
  • chroot: changes the apparent root directory for the current running process and their children

Watched on 2020-02-20

Edit