Infrastructure components and tools rewritten from scratch (like DNS or Docker)
Opens a service on :8053
Based on RFC 1035
Receives a DNS request, forwards it to Google's DNS and returns the result to the requester.
It also implements functions to read and write the messages in memory, but they are unused. They were just an exercise in handling variables that represent the single flag bits of a DNS message.
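As an added illustration of the flag handling described above (example code written for this page, not the repository's own): the RFC 1035 header packed and unpacked with each flag bit as its own field, plus the check a forwarder should apply before relaying an upstream reply to the requester. The type and function names (`Header`, `Pack`, `Unpack`, `ValidReply`) are my own choices.

```go
package main

import (
	"encoding/binary"
	"errors"
)

// Header is the 12-byte DNS header of RFC 1035 §4.1.1, flags word split into fields.
type Header struct {
	ID                                 uint16
	QR, AA, TC, RD, RA                 bool  // single-bit flags
	Opcode, Z, RCode                   uint8 // 4, 3 and 4 bits wide
	QDCount, ANCount, NSCount, ARCount uint16
}

func bit(b bool, n uint) uint16 {
	if b {
		return 1 << n
	}
	return 0
}

// Pack serialises to big-endian wire format, masking each sub-field to its width.
func (h Header) Pack() []byte {
	flags := bit(h.QR, 15) | uint16(h.Opcode&0xF)<<11 | bit(h.AA, 10) | bit(h.TC, 9) |
		bit(h.RD, 8) | bit(h.RA, 7) | uint16(h.Z&0x7)<<4 | uint16(h.RCode&0xF)
	buf := make([]byte, 12)
	for i, v := range []uint16{h.ID, flags, h.QDCount, h.ANCount, h.NSCount, h.ARCount} {
		binary.BigEndian.PutUint16(buf[2*i:], v)
	}
	return buf
}

// Unpack parses a header, rejecting datagrams too short to contain one.
func Unpack(msg []byte) (Header, error) {
	if len(msg) < 12 {
		return Header{}, errors.New("dns: message shorter than 12-byte header")
	}
	u16 := func(off int) uint16 { return binary.BigEndian.Uint16(msg[off:]) }
	f := u16(2)
	return Header{
		ID: u16(0), QR: f>>15&1 == 1, Opcode: uint8(f >> 11 & 0xF),
		AA: f>>10&1 == 1, TC: f>>9&1 == 1, RD: f>>8&1 == 1, RA: f>>7&1 == 1,
		Z: uint8(f >> 4 & 0x7), RCode: uint8(f & 0xF),
		QDCount: u16(4), ANCount: u16(6), NSCount: u16(8), ARCount: u16(10),
	}, nil
}

// ValidReply: relay an upstream reply only if it is a response to the query we forwarded.
func ValidReply(query, reply Header) bool { return reply.QR && reply.ID == query.ID }
```

A forwarder that skips the `ValidReply` check will hand any datagram arriving on its upstream socket back to the client, which is why matching the transaction ID is the minimum before relaying.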
Theory recap:
- The app needs to create new namespaces with the clone() syscall.
- The process needs to replicate itself (/proc/self/exe) to run commands inside the container. It does that by re-executing itself as a child with different parameters/environment variables.
- Change the root directory of the child process (chroot and chdir).
- Create a PID namespace and mount the namespace's proc virtual filesystem on it.
- Make the container rootless by mapping the host user to the container root. In this way, root in the container has at most the privileges of the host user who ran the container.
- Create cgroup files on the host to manage container resources: max/min files to set the resource restrictions (like memory.max) and cgroup.procs to place the container's PID under those restrictions.
Build:
```sh
sudo go build -o mydocker main.go
```
Running requires the slirp4netns utility to be installed on the host machine.
Run:
```sh
# This app currently downloads all layers and runs the container in a single fixed folder.
# The location of this folder is $HOME/.config/mydocker/container.
# It doesn't support running multiple containers or running a container in detached mode.
# You can pull and run in the same step.
# Accepted [OPTIONS] are -v (debug) and -rm (delete the container folder after exiting the process).
# <command> is the command that will be run by the container process.
# Eg: mydocker -rm run busybox sh will attach your shell to the container's shell.
./mydocker [OPTIONS] run <image:tag> <command>
```
To trace the most important system calls:
```sh
strace -f -e trace=clone,setns,mount,pivot_root,chroot,openat,write -s 200 <myDockerBinaryCommand>
```