runb.sh
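#!/bin/bash
#
# runb.sh - start a minimal container from a root file system directory.
#
# Usage: runb.sh CONTAINER_DIR
#   CONTAINER_DIR  directory that contains the root file system in ./rootfs
#
# The script creates a network namespace, a cgroup and a veth pair attached
# to the "runb-bridge" bridge, then runs lib/core.sh inside new pid, uts,
# ipc, mount and cgroup namespaces. Everything it created on the host is
# torn down again when the script exits.
set -eu
#set -x

# NOTE(review): core.sh is resolved relative to the current working
# directory, not to the location of this script. Because the script needs
# privileges for `ip netns` and `cgcreate`, starting it from a directory
# someone else can write to would run their lib/core.sh with those
# privileges - confirm whether script-relative lookup was intended.
CORE="$PWD/lib/core.sh"

# Print an error on stderr and stop with a failing exit status.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# get a directory which has a root file system.
if [ "$#" -lt 1 ]; then
  # Exit non-zero so callers can tell a usage error from a successful run.
  die "you need to designate a directory which is root file system."
fi

# make container name and path
CONTAINER_DIR=$1
CONTAINER_NAME="$(basename -- "$0" | cut -d '.' -f 1)-$$"
CONTAINER_FS="$CONTAINER_DIR/rootfs"
CONTAINER_NET_NS="$CONTAINER_NAME-ns"
VETH="veth-$CONTAINER_NAME"
ETH="eth-$CONTAINER_NAME"
CGROUP_CONTROLLERS="cpu,memory,pids"
BRIDGE_NAME="runb-bridge"

# Validate everything that can be checked before touching host state, so a
# bad invocation does not leave a namespace or cgroup behind.
[ -f "$CORE" ] || die "cannot find $CORE"
[ -d "$CONTAINER_FS/etc" ] || die "$CONTAINER_FS/etc is not a directory"
# Linux interface names are limited to 15 characters; the name embeds the
# PID, so a long script name or a large PID would make `ip link add` fail
# halfway through the setup.
if [ "${#VETH}" -gt 15 ]; then
  die "interface name $VETH is longer than 15 characters"
fi

# Track what has been created so that cleanup only removes what exists.
NETNS_CREATED=0
CGROUP_CREATED=0
VETH_CREATED=0

# Best-effort teardown of the host resources created below. Failures are
# tolerated so that one missing resource does not skip the others.
cleanup() {
  if [ "$NETNS_CREATED" -eq 1 ]; then
    ip netns del "$CONTAINER_NET_NS" || true
  fi
  if [ "$VETH_CREATED" -eq 1 ]; then
    # Normally already gone: deleting the namespace removes the peer and
    # with it this end of the pair. Only matters when setup failed early.
    ip link del "$VETH" 2>/dev/null || true
  fi
  if [ "$CGROUP_CREATED" -eq 1 ]; then
    # NOTE(review): core.sh is not visible here; if it already removes the
    # cgroup this is a harmless no-op, hence the silenced error.
    cgdelete -g "$CGROUP_CONTROLLERS:$CONTAINER_NAME" 2>/dev/null || true
  fi
}
# Install the handler before the first resource is created: with `set -e`
# any failing setup step exits the script, and the trap must already be in
# place for that exit to clean up.
trap cleanup EXIT

# create network namespace
ip netns add "$CONTAINER_NET_NS"
NETNS_CREATED=1

# config files
# The root file system may come from an untrusted image. If resolv.conf is a
# symlink, a redirect would follow it and could overwrite a file outside the
# rootfs with this script's privileges, so replace the link with a regular
# file. This does not cover a symlinked etc directory.
RESOLV_CONF="$CONTAINER_FS/etc/resolv.conf"
if [ -L "$RESOLV_CONF" ]; then
  rm -f -- "$RESOLV_CONF"
fi
printf 'nameserver 8.8.8.8\n' > "$RESOLV_CONF"

# cgroups
cgcreate -g "$CGROUP_CONTROLLERS:$CONTAINER_NAME"
CGROUP_CREATED=1

# network setting
# NOTE(review): every container gets the fixed address 10.0.0.2/24, so two
# containers on the same bridge at the same time would share an address.
ip link add name "$VETH" type veth peer name "$ETH"
VETH_CREATED=1
brctl addif "$BRIDGE_NAME" "$VETH"
ip link set "$VETH" up
ip link set "$ETH" netns "$CONTAINER_NET_NS"
ip netns exec "$CONTAINER_NET_NS" ip address add 10.0.0.2/24 dev "$ETH"
ip netns exec "$CONTAINER_NET_NS" ip link set "$ETH" up
ip netns exec "$CONTAINER_NET_NS" ip route add default via 10.0.0.1

# make a new name space.
# No user namespace is requested, so root inside core.sh is root on the
# host; isolation depends on what core.sh does next (not visible here).
unshare \
  --pid \
  --uts \
  --ipc \
  --mount \
  --cgroup \
  --fork \
  bash "$CORE" "$CONTAINER_DIR" "$CONTAINER_NAME"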