p8952 / bocker Goto Github PK
View Code? Open in Web Editor NEWDocker implemented in around 100 lines of bash
Home Page: https://www.p8952.info/
License: GNU General Public License v3.0
Docker implemented in around 100 lines of bash
Home Page: https://www.p8952.info/
License: GNU General Public License v3.0
Ideally uuidgen
should be used, but in the current implementation this will not work due to interface names being generated based on uuid's.
@p8952 @frohoff @tst2005
At the moment I have no host to test it...
Is it possible to manipulate the host from inside of a bocker container or is there isolation (by cgroup?! haven't used it before...)
Simple unshare with chroot and proc mounted isn't isolated.
cgcreate -g "$cgroups:/$uuid"
: "${BOCKER_CPU_SHARE:=512}" && cgset -r cpu.shares="$BOCKER_CPU_SHARE" "$uuid"
: "${BOCKER_MEM_LIMIT:=512}" && cgset -r memory.limit_in_bytes="$((BOCKER_MEM_LIMIT * 1000000))" "$uuid"
cgexec -g "$cgroups:$uuid" \
ip netns exec netns_"$uuid" \
unshare -fmuip --mount-proc \
chroot "$btrfs_path/$uuid" \
/bin/sh -c "/bin/mount -t proc proc /proc && $cmd" \
2>&1 | tee "$btrfs_path/$uuid/$uuid.log" || true
ip link del dev veth0_"$uuid"
ip netns del netns_"$uuid"
If not that executed inside of a Container will reboot the host.
echo 1 > /proc/sys/kernel/sysrq
echo b > /proc/sysrq-trigger
Bocker exec fails always, it just outputs a long list of increasing integers. Am I doing something wrong, or is this a bug? I can't find any documentation about exec. All the other commands are working.
.
Hi,
A question, why did you choose this MAC address prefix specifically: "02:42:ac:11:00"?
Could it harm if I want to change it?
bocker pull does not support public registry, can't pull from there anymore.
The api has switched to v2, and the v1 does not seem to work anymore...
Note in bocker_pull
there is a call to manipulate $IFS
and then an attempt to revert it by using unset IFS
however the default $IFS
is actually $' \n\t'
. Unsetting $IFS
like that I believe will globally affect white space splitting.
~ $ [[ $IFS == $' \t\n' ]] && echo true
true
~ $ read a b <<< "1 2"; echo $a
1
~ $ IFS='' read a b <<< "1 2"; echo $a
1 2
I would love to understand what each of the commands do, and how they all fit together to arrive at a cohesive solution.
It would be great if there was a blog post (or series of blog posts) with discussion and diagrams of the concepts behind making this work.
I was just exploring data mounts and some thing like this
unshare -m -- /bin/sh -c "mount -o bind,noexec,nosuid,nodev /var/bocker/shared '$btrfs_path/$uuid'/var/www/data"
seems to work well enough for basic host to container mounts.
Apart from iptables, socat is also a excellent option for port forwarding with a simple one liner;
socat TCP-LISTEN:80,fork TCP:10.0.0.2:80
See #15
This would prevent you from running two webservers on port 80, for instance. If doing dhcp isn't possible, the next best thing would be to maintain a list of currently used IPs.
It looks like bocker run bash works, but there is no way I can get a prompt. Even 'export PS1="$ "' doesn't work. It is not that big of a problem, but I'm afraid this will just be the tip of the iceberg.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.