This is brand-new software. I've tested it minimally before pushing to Github. Do not expect signatures and layout to be consistent until this note disappears.
Linux >= 2.6.24 with:
CONFIG_NAMESPACES=y
CONFIG_UTS_NS=y
CONFIG_IPC_NS=y
CONFIG_PID_NS=y
CONFIG_NET_NS=y (eventually)
Root or CAP_SYS_ADMIN privileges. Using setcap on a binary may not be safe on a multi-user system since input checking isn't very thorough.
make
make test
make clean
make binaries
If busybox is installed, this should work
sudo ./nschroot /bin /busybox ls /
mkdir -p /tmp/root
cp -a /bin/busybox /tmp/root
touch /tmp/root/foobar
go build -o nschroot nschroot.go && sudo ./nschroot /tmp/root /busybox ls
To use the 'cgroup' utility to put a process into a cgroup:
sudo ./cgroup -name awesome -program /usr/bin/touch -env bar=baz -- /tmp/foo
- 'contain' utility that executes inside a namespaced/cgrouped container
- capabilities helpers
- veth setup
- 2013-03-25: 'nschroot' and 'cgroup' are working
- 2013-02-19: nschroot seems to work fine as root. Cgroups aren't there yet, but I should have a workable API soon.
Al Tobey tobert@gmail.com @AlTobey
Copyright 2013 Albert P Tobey. All rights reserved. Use of this source code is governed by a BSD-style license that can be found in the LICENSE file.