https://linzeyan.github.io/categories/container/Recent content in Container on RickyHugo -- gohugo.ioenWed, 10 Sep 2025 09:50:00 +0800https://linzeyan.github.io/posts/2025/20250910-containers-from-scratch-by-golang-feat-liz-rice/Wed, 10 Sep 2025 09:50:00 +0800https://linzeyan.github.io/posts/2025/20250910-containers-from-scratch-by-golang-feat-liz-rice/<ul> <li><a href="https://baconyao.notion.site/Containers-From-Scratch-by-Golang-feat-Liz-Rice-2638a3a7d9d48053ae1dce0763fb52e8" target="_blank" rel="noopener">Containers From Scratch by Golang (feat. Liz Rice)</a></li> <li><a href="https://github.com/baconYao/container-from-scratch-golang" target="_blank" rel="noopener">container-from-scratch-golang</a></li> </ul> <p>As we enhance the functionality of our small program, we will explore the following topics, allowing us to create a basic simulation of a non-production container environment.</p> <ol> <li>UTS Namespace</li> <li>Chroot</li> <li>PID Namespace</li> <li>Mount Namespace</li> <li>Control Group</li> <li>Rootless Container</li> </ol>https://linzeyan.github.io/posts/2023/20231004-container/Wed, 04 Oct 2023 09:06:00 +0800https://linzeyan.github.io/posts/2023/20231004-container/<ul> <li><a href="https://securitylabs.datadoghq.com/articles/container-security-fundamentals-part-1/" target="_blank" rel="noopener">Container security fundamentals: Exploring containers as processes</a></li> <li><a href="https://securitylabs.datadoghq.com/articles/container-security-fundamentals-part-2/" target="_blank" rel="noopener">Container security fundamentals part 2: Isolation &amp; namespaces</a></li> <li><a href="https://securitylabs.datadoghq.com/articles/container-security-fundamentals-part-3/" target="_blank" rel="noopener">Container security fundamentals part 3: Capabilities</a></li> <li><a href="https://securitylabs.datadoghq.com/articles/container-security-fundamentals-part-4/" target="_blank" rel="noopener">Container security fundamentals part 4: Cgroups</a></li> <li><a href="https://securitylabs.datadoghq.com/articles/container-security-fundamentals-part-5/" target="_blank" rel="noopener">Container security fundamentals part 5: AppArmor and SELinux</a></li> <li><a href="https://securitylabs.datadoghq.com/articles/container-security-fundamentals-part-6/" target="_blank" rel="noopener">Container security fundamentals part 6: seccomp </a></li> </ul>https://linzeyan.github.io/posts/2022/20221124-containers-from-scratch/Thu, 24 Nov 2022 13:10:14 +0800https://linzeyan.github.io/posts/2022/20221124-containers-from-scratch/<ul> <li><a href="https://ericchiang.github.io/post/containers-from-scratch/" target="_blank" rel="noopener">Containers from scratch</a></li> </ul> <h3 id="container-file-systems">Container file systems</h3> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>$ wget https://github.com/ericchiang/containers-from-scratch/releases/download/v0.1.0/rootfs.tar.gz </span></span><span style="display:flex;"><span>$ sha256sum rootfs.tar.gz </span></span><span style="display:flex;"><span>c79bfb46b9cf842055761a49161831aee8f4e667ad9e84ab57ab324a49bc828c rootfs.tar.gz </span></span><span style="display:flex;"><span>$ <span style="color:#75715e"># tar needs sudo to create /dev files and setup file ownership</span> </span></span><span style="display:flex;"><span>$ sudo tar -zxf rootfs.tar.gz </span></span><span style="display:flex;"><span>$ ls rootfs </span></span><span style="display:flex;"><span>bin dev home lib64 mnt proc run srv tmp var </span></span><span style="display:flex;"><span>boot etc lib media opt root sbin sys usr </span></span><span style="display:flex;"><span>$ ls -al rootfs/bin/ls </span></span><span style="display:flex;"><span>-rwxr-xr-x. <span style="color:#ae81ff">1</span> root root <span style="color:#ae81ff">118280</span> Mar <span style="color:#ae81ff">14</span> <span style="color:#ae81ff">2015</span> rootfs/bin/ls </span></span></code></pre></div><h3 id="chroot">chroot</h3> <p>it allows us to restrict a process&rsquo; view of the file system. In this case, we&rsquo;ll restrict our process to the &ldquo;rootfs&rdquo; directory then exec a shell.</p>