// CreateContainer returns a libcontainer.Container describing a process to be
// run with the given command line (args) and environment (env).
//
// The container is given containerName as its ID and nsPid as its NsPid, a
// fixed set of five namespaces and fourteen capabilities, and an open
// descriptor for /proc/<nsPid>/ns/net in NetNsFd. If that file cannot be
// opened, the error from os.Open is returned unchanged and the container is
// nil.
//
// NOTE(review): the /proc path is resolved from a bare PID at call time. If
// the target process has exited and its PID has been recycled, the descriptor
// refers to another process's network namespace; callers should confirm the
// PID still identifies the intended process.
func CreateContainer(containerName string, nsPid int, args []string, env []string) (*libcontainer.Container, error) {
	// Open the namespace handle first so a failure returns before anything
	// else is built.
	netnsPath := path.Join("/proc", strconv.Itoa(nsPid), "ns", "net")
	nsFile, err := os.Open(netnsPath)
	if err != nil {
		return nil, err
	}

	// NOTE(review): nsFile is not retained after this function returns. An
	// os.File closes its descriptor when it is garbage collected, so the raw
	// number stored in NetNsFd can later become invalid or be reused for an
	// unrelated file. Consider keeping the *os.File reachable for as long as
	// NetNsFd is in use, or storing a duplicated descriptor instead.
	return &libcontainer.Container{
		ID:      containerName,
		NsPid:   nsPid,
		Command: &libcontainer.Command{args, env},
		Namespaces: []libcontainer.Namespace{
			libcontainer.CLONE_NEWNS,
			libcontainer.CLONE_NEWUTS,
			libcontainer.CLONE_NEWIPC,
			libcontainer.CLONE_NEWPID,
			libcontainer.CLONE_NEWNET,
		},
		// NOTE(review): it is not visible here whether Capabilities is a
		// keep list or a drop list; confirm against the code that consumes
		// it. As a keep list, this set (CAP_SYS_ADMIN, CAP_SYS_MODULE,
		// CAP_SYS_RAWIO, CAP_MAC_ADMIN, ...) would leave the container with
		// close to host-level privilege.
		Capabilities: []libcontainer.Capability{
			libcontainer.CAP_SETPCAP,
			libcontainer.CAP_SYS_MODULE,
			libcontainer.CAP_SYS_RAWIO,
			libcontainer.CAP_SYS_PACCT,
			libcontainer.CAP_SYS_ADMIN,
			libcontainer.CAP_SYS_NICE,
			libcontainer.CAP_SYS_RESOURCE,
			libcontainer.CAP_SYS_TIME,
			libcontainer.CAP_SYS_TTY_CONFIG,
			libcontainer.CAP_MKNOD,
			libcontainer.CAP_AUDIT_WRITE,
			libcontainer.CAP_AUDIT_CONTROL,
			libcontainer.CAP_MAC_OVERRIDE,
			libcontainer.CAP_MAC_ADMIN,
		},
		NetNsFd: nsFile.Fd(),
	}, nil
}