// Re-execute the running binary with the "run-container" argument inside new
// user, UTS, PID and mount namespaces.
cmd := exec.Command("/proc/self/exe", "run-container")

// The child shares the parent's standard streams.
cmd.Stdin, cmd.Stdout, cmd.Stderr = os.Stdin, os.Stdout, os.Stderr

// ID 0 inside the new user namespace is backed by the caller's own UID/GID on
// the host, so "root" in the child holds no host privilege beyond the caller's.
//
// Size stays at 1: the original author observed that 2 or more fails. That is
// consistent with the rule in user_namespaces(7) that a writer lacking
// CAP_SETUID/CAP_SETGID in the parent user namespace may write only a single
// map line covering its own effective ID.
// NOTE(review): SysProcAttr mappings appear to be written straight to the
// child's uid_map/gid_map, so the ranges delegated in /etc/subuid and
// /etc/subgid would not be consulted; those are honoured by the setuid
// newuidmap/newgidmap helpers. Confirm before relying on wider ranges.
uidMap := []syscall.SysProcIDMap{{ContainerID: 0, HostID: os.Getuid(), Size: 1}}
gidMap := []syscall.SysProcIDMap{{ContainerID: 0, HostID: os.Getgid(), Size: 1}}

// Unshareflags repeats CLONE_NEWNS in addition to the clone flag.
// NOTE(review): presumably this is to keep mount changes from propagating
// back to the host mount table; verify against the Go version in use.
nsFlags := syscall.CLONE_NEWUSER | syscall.CLONE_NEWUTS | syscall.CLONE_NEWPID | syscall.CLONE_NEWNS
cmd.SysProcAttr = &syscall.SysProcAttr{
	Cloneflags:   uintptr(nsFlags),
	Unshareflags: syscall.CLONE_NEWNS,
	UidMappings:  uidMap,
	GidMappings:  gidMap,
}

// Namespace flags not requested above: CLONE_NEWNET, CLONE_NEWIPC,
// CLONE_NEWCGROUP (CLONE_NEWUSER is already set). Without CLONE_NEWNET and
// CLONE_NEWIPC the child still shares the host's network stack and IPC objects.

// Start the child and wait for it; any failure, including a rejected ID
// mapping, surfaces here as the fork/exec error.
err := cmd.Run()
if err != nil {
	fmt.Println("ERROR: parent cmd.Run", err)
	os.Exit(1)
}
- ERROR: parent cmd.Run fork/exec /proc/self/exe: operation not permitted
- lxd:1000:1
- root:1000:1
- lxd:100000:65536
- root:100000:65536
- developer:165536:65536
- mounter:231072:65536