Dave Leskovec wrote:
Daniel Hokka Zakrisson wrote:
Dave Leskovec wrote:
Attached is a simple program that uses the clone() function to create a container. This is not intended as a patch - just an example of what creating a Linux Container looks like. Something along these lines will be used by the Linux Container driver to start the domain. The code run within this container is really simple. It just mounts the /proc file system and then dumps the ps output to a file showing that the container is in separate process space.
To run this you will need to have PID namespaces support enabled. Turn on CONFIG_PID_NS when compiling the kernel. You must run the program as root or the clone() call will fail.
Any questions or comments are welcome. Thanks!
You want to use at least CLONE_NEWIPC and CLONE_NEWUSER too. CLONE_NEWUTS is probably desired as well, so you can have different hostnames, and CLONE_NEWNET for networking (though that's probably not going to be usable until after 2.6.25, at least).
Thanks! I added CLONE_NEWIPC and CLONE_NEWUTS. Adding CLONE_NEWUSER caused clone() to fail. I'm looking into that.
Make sure you have CONFIG_USER_NS=y
I'll post in the near future regarding CLONE_NEWNET, network support for containers, and the XML format.
-- Daniel Hokka Zakrisson