├── CODE_OF_CONDUCT.md ├── LICENSE ├── README.md ├── _config.yml ├── index.md ├── mk_containers.py └── rootfs.ext4.tar.xz /CODE_OF_CONDUCT.md: -------------------------------------------------------------------------------- 1 | # Contributor Covenant Code of Conduct 2 | 3 | ## Our Pledge 4 | 5 | In the interest of fostering an open and welcoming environment, we as contributors and maintainers pledge to making participation in our project and our community a harassment-free experience for everyone, regardless of age, body size, disability, ethnicity, gender identity and expression, level of experience, nationality, personal appearance, race, religion, or sexual identity and orientation. 6 | 7 | ## Our Standards 8 | 9 | Examples of behavior that contributes to creating a positive environment include: 10 | 11 | * Using welcoming and inclusive language 12 | * Being respectful of differing viewpoints and experiences 13 | * Gracefully accepting constructive criticism 14 | * Focusing on what is best for the community 15 | * Showing empathy towards other community members 16 | 17 | Examples of unacceptable behavior by participants include: 18 | 19 | * The use of sexualized language or imagery and unwelcome sexual attention or advances 20 | * Trolling, insulting/derogatory comments, and personal or political attacks 21 | * Public or private harassment 22 | * Publishing others' private information, such as a physical or electronic address, without explicit permission 23 | * Other conduct which could reasonably be considered inappropriate in a professional setting 24 | 25 | ## Our Responsibilities 26 | 27 | Project maintainers are responsible for clarifying the standards of acceptable behavior and are expected to take appropriate and fair corrective action in response to any instances of unacceptable behavior. 28 | 29 | Project maintainers have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct, or to ban temporarily or permanently any contributor for other behaviors that they deem inappropriate, threatening, offensive, or harmful. 30 | 31 | ## Scope 32 | 33 | This Code of Conduct applies both within project spaces and in public spaces when an individual is representing the project or its community. Examples of representing a project or community include using an official project e-mail address, posting via an official social media account, or acting as an appointed representative at an online or offline event. Representation of a project may be further defined and clarified by project maintainers. 34 | 35 | ## Enforcement 36 | 37 | Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by contacting the project team at shadow1212@21cn.com. The project team will review and investigate all complaints, and will respond in a way that it deems appropriate to the circumstances. The project team is obligated to maintain confidentiality with regard to the reporter of an incident. Further details of specific enforcement policies may be posted separately. 38 | 39 | Project maintainers who do not follow or enforce the Code of Conduct in good faith may face temporary or permanent repercussions as determined by other members of the project's leadership. 40 | 41 | ## Attribution 42 | 43 | This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4, available at [http://contributor-covenant.org/version/1/4][version] 44 | 45 | [homepage]: http://contributor-covenant.org 46 | [version]: http://contributor-covenant.org/version/1/4/ 47 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | This is free and unencumbered software released into the public domain. 2 | 3 | Anyone is free to copy, modify, publish, use, compile, sell, or 4 | distribute this software, either in source code form or as a compiled 5 | binary, for any purpose, commercial or non-commercial, and by any 6 | means. 7 | 8 | In jurisdictions that recognize copyright laws, the author or authors 9 | of this software dedicate any and all copyright interest in the 10 | software to the public domain. We make this dedication for the benefit 11 | of the public at large and to the detriment of our heirs and 12 | successors. We intend this dedication to be an overt act of 13 | relinquishment in perpetuity of all present and future rights to this 14 | software under copyright law. 15 | 16 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, 17 | EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF 18 | MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. 19 | IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR 20 | OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, 21 | ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR 22 | OTHER DEALINGS IN THE SOFTWARE. 23 | 24 | For more information, please refer to 25 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | ## What is mbox 2 | 3 | - Found Docker too complex to use? try mbox! It provides: 4 | 5 | 1. network isolation 6 | 2. process list isolation 7 | 3. file system isolation 8 | 4. and more 9 | 10 | -------------------------------------------------------------------------------- /_config.yml: -------------------------------------------------------------------------------- 1 | theme: jekyll-theme-architect -------------------------------------------------------------------------------- /index.md: -------------------------------------------------------------------------------- 1 | ## Welcome to GitHub Pages 2 | 3 | You can use the [editor on GitHub](https://github.com/oun111/simple_container/edit/master/index.md) to maintain and preview the content for your website in Markdown files. 4 | 5 | Whenever you commit to this repository, GitHub Pages will run [Jekyll](https://jekyllrb.com/) to rebuild the pages in your site, from the content in your Markdown files. 6 | 7 | ### Markdown 8 | 9 | Markdown is a lightweight and easy-to-use syntax for styling your writing. It includes conventions for 10 | 11 | ```markdown 12 | Syntax highlighted code block 13 | 14 | # Header 1 15 | ## Header 2 16 | ### Header 3 17 | 18 | - Bulleted 19 | - List 20 | 21 | 1. Numbered 22 | 2. List 23 | 24 | **Bold** and _Italic_ and `Code` text 25 | 26 | [Link](url) and ![Image](src) 27 | ``` 28 | 29 | For more details see [GitHub Flavored Markdown](https://guides.github.com/features/mastering-markdown/). 30 | 31 | ### Jekyll Themes 32 | 33 | Your Pages site will use the layout and styles from the Jekyll theme you have selected in your [repository settings](https://github.com/oun111/simple_container/settings). The name of this theme is saved in the Jekyll `_config.yml` configuration file. 34 | 35 | ### Support or Contact 36 | 37 | Having trouble with Pages? Check out our [documentation](https://help.github.com/categories/github-pages-basics/) or [contact support](https://github.com/contact) and we’ll help you sort it out. 38 | -------------------------------------------------------------------------------- /mk_containers.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python3 -B 2 | 3 | 4 | """ 5 | 6 | HOWTO create the root filesystem: 7 | 8 | 1. Create an empty file: 9 | 10 | dd if=/dev/zero of=rootfs.ext4 bs=1024 count=50000 11 | 12 | 13 | 2. Format the file with ext4 : 14 | 15 | mkfs.ext4 rootfs.ext4 16 | 17 | 18 | 3. Mount the empty FS: 19 | 20 | mount -o loop rootfs.ext4 /mnt/fsXXX 21 | 22 | 23 | 4. Copy files in it: 24 | 25 | cp -r ./fsNNN/* /mnt/fsXXX 26 | 27 | 28 | 5. Save it: 29 | 30 | umount /mnt/fsXXX 31 | 32 | 33 | """ 34 | 35 | 36 | import random 37 | import os 38 | import re 39 | from sys import argv 40 | 41 | 42 | class Global(object): 43 | MAX_NO = 65536 44 | vethDict = {} 45 | conDict = {} 46 | CONTAINER_PATH = "/var/run/netns/" 47 | BR_NAME = "br0" 48 | ADDR_BASE = "138.1.123." 49 | ADDR_INDEX = 1 50 | VETH_CACHE = "./list.txt" 51 | FS_NAME = "rootfs.ext4" 52 | 53 | 54 | def fetchName(hdr,chk_set): 55 | name = "" 56 | 57 | while True: 58 | name = hdr+str(random.randint(1,Global.MAX_NO)) 59 | 60 | if bool(set(chk_set.keys()) & set(name)) == False and \ 61 | bool(set(chk_set.values()) & set(name)) == False: 62 | return name 63 | 64 | return None 65 | 66 | 67 | 68 | def createVethPairs(): 69 | 70 | veth0 = fetchName("veth_",Global.vethDict) 71 | if veth0==None: 72 | print("can't fetch name for veth0") 73 | exit(-1) 74 | 75 | veth1 = fetchName("veth_",Global.vethDict) 76 | if veth1==None: 77 | print("can't fetch name for veth1") 78 | exit(-1) 79 | 80 | # create the vethx pair 81 | print("creating veth pair {0} - {1}".format(veth0,veth1)) 82 | os.system("ip link add "+veth0+" type veth peer name "+veth1) 83 | 84 | Global.vethDict[veth0] = veth1 85 | 86 | return (veth0,veth1) 87 | 88 | 89 | 90 | def clearVeths(): 91 | 92 | for k in list(Global.vethDict.keys()): 93 | os.system("ip link delete "+k) 94 | Global.vethDict.pop(k) 95 | 96 | 97 | 98 | def createContainer(): 99 | c = fetchName("con_",Global.conDict) 100 | if c==None: 101 | print("can't fetch name for new container") 102 | exit(-1) 103 | else: 104 | Global.conDict[c] = '' 105 | 106 | # mount filesystem 107 | mountFS(c) 108 | 109 | cp = Global.CONTAINER_PATH+c 110 | print("Creating container '{0}' with persistent file '{1}'".format(c,cp)) 111 | print( 112 | """ 113 | 114 | 115 | xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx 116 | 117 | REMEMBER to run /bashrc1 MANUALLY !!! enjoy ! 118 | 119 | xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx 120 | 121 | 122 | """ 123 | ) 124 | 125 | # create persistent container 126 | os.system("touch "+cp) 127 | os.system("unshare -pu --fork --net={0} chroot /mnt/{1} /bin/sh".format(cp,c)) 128 | 129 | # un-mount filesystem 130 | unmountFS(c) 131 | 132 | return c 133 | 134 | 135 | 136 | def clearContainers(): 137 | 138 | for c in Global.conDict.keys(): 139 | dropContainer(c) 140 | 141 | 142 | 143 | def dropContainer(c): 144 | cp = Global.CONTAINER_PATH+c 145 | os.system("umount " + cp) 146 | os.system("rm " + cp) 147 | 148 | 149 | 150 | def attachVeth(): 151 | 152 | Global.ADDR_BASE = re.findall(r"(\w+\.\w+\.\w+)",Global.ADDR_BASE)[0] + "." 153 | 154 | for c in Global.conDict.keys(): 155 | 156 | #print("dealing with container '{0}'".format(c)) 157 | 158 | # create new veth pair 159 | veths = createVethPairs() 160 | veth1 = veths[1] 161 | 162 | # attach veth1 into container 163 | cp = Global.CONTAINER_PATH+c 164 | print("attaching '{0}' into container '{1}'".format(veth1,cp)) 165 | os.system("ip link set "+veth1+" netns "+cp) 166 | 167 | # find pid related to container 168 | # res= str(os.popen("ps aux|grep unshare|grep -v \"sh -c\"|grep "+cp+" |awk '{print $2}' ").readlines()) 169 | # pid = re.findall(r"\['(\d+).*",res)[0] 170 | # print ("pid: ", pid) 171 | 172 | # config the network interface in container 173 | assignAddr(c,veth1,Global.ADDR_BASE+str(Global.ADDR_INDEX)) 174 | Global.ADDR_INDEX += 1 175 | 176 | attachBridgeIf(veths[0]) 177 | 178 | # activate the veth0 179 | os.system("ifconfig {0} up".format(veths[0])) 180 | 181 | 182 | 183 | def createBridge(): 184 | os.system("brctl addbr " + Global.BR_NAME) 185 | os.system("ifconfig {0} up".format(Global.BR_NAME)) 186 | 187 | 188 | def attachBridgeIf(ifname): 189 | os.system("brctl addif {0} {1} ".format(Global.BR_NAME,ifname)) 190 | 191 | 192 | 193 | def dropBridge(): 194 | 195 | os.system("ifconfig {0} down".format(Global.BR_NAME)) 196 | os.system("brctl delbr " + Global.BR_NAME) 197 | 198 | 199 | 200 | def assignAddr(c,veth,ip): 201 | os.system("ip netns exec {0} ifconfig {1} {2} up".format(c,veth,ip)) 202 | os.system("ip netns exec {0} ifconfig lo up".format(c)) 203 | 204 | 205 | def modifyBridgeAddr(): 206 | 207 | os.system("ifconfig {0} {1}".format(Global.BR_NAME, \ 208 | Global.ADDR_BASE+str(Global.ADDR_INDEX))) 209 | Global.ADDR_INDEX += 1 210 | 211 | 212 | def loadCache(): 213 | 214 | os.system("touch "+Global.VETH_CACHE) 215 | 216 | with open(Global.VETH_CACHE,"r+") as mf: 217 | 218 | contents = mf.read() 219 | 220 | # read the 'veth' items 221 | pos = contents.find("vlist:") 222 | 223 | if pos>=0: 224 | pos = contents.find(":",pos)+1 225 | ptn = re.compile("(\w+),(\w+)") 226 | res = ptn.findall(contents,pos) 227 | 228 | for n in res : 229 | Global.vethDict[n[0]] = n[1] 230 | 231 | # read the 'ip address base index' 232 | """ 233 | pos = contents.find("aindex:") 234 | 235 | if pos>=0: 236 | pos = contents.find(":",pos)+1 237 | ptn = re.compile("(\d+)") 238 | res = ptn.findall(contents,pos) 239 | 240 | if res!=None: 241 | Global.ADDR_INDEX = int(res[0]) 242 | """ 243 | 244 | 245 | 246 | def flushCache(): 247 | 248 | with open(Global.VETH_CACHE,"w+") as mf: 249 | 250 | mf.truncate() 251 | 252 | # the veth list 253 | mf.write("vlist:") 254 | for n in Global.vethDict: 255 | mf.write("({0},{1})".format(n,Global.vethDict[n])) 256 | 257 | # the ip address index 258 | mf.write("\naindex: {0}".format(Global.ADDR_INDEX)) 259 | 260 | 261 | 262 | def loadContainerList(): 263 | os.system("mkdir -p "+Global.CONTAINER_PATH) 264 | 265 | for __path,__subPaths,__files in os.walk(Global.CONTAINER_PATH): 266 | for f in __files: 267 | Global.conDict[f] = '' 268 | 269 | 270 | def mountFS(c): 271 | os.system("mkdir -p /mnt/"+c) 272 | os.system("mount -o loop,ro {0} /mnt/{1}".format(Global.FS_NAME,c)) 273 | 274 | 275 | 276 | def unmountFS(c): 277 | os.system("umount /mnt/{0}/tmp/*".format(c)) 278 | os.system("umount /mnt/{0}/*".format(c)) 279 | os.system("umount /mnt/"+c) 280 | os.system("rm -rf /mnt/"+c) 281 | 282 | 283 | 284 | def release(): 285 | clearVeths() 286 | dropBridge() 287 | clearContainers() 288 | Global.ADDR_INDEX = 1 289 | 290 | 291 | 292 | def help(script): 293 | print( 294 | """ 295 | {0} : initialize linux containers 296 | 297 | options: 298 | -c: create a linux container 299 | -a: attach 'veth' device to all containers 300 | -r: release all 301 | -i
: specify ip address base in all containers 302 | -e : the cache file 303 | -f : root filesystem 304 | 305 | """.format(script) 306 | ) 307 | exit(-1) 308 | 309 | 310 | 311 | def parse_arguments(): 312 | method = "" 313 | 314 | for n in range(len(argv)): 315 | if n==0: 316 | continue 317 | 318 | ax = argv[n] 319 | if ax[0]=='-' and ax!='-i' and ax!='-e' and ax!="-f": 320 | method = ax 321 | # ip address base 322 | if ax=='-i': 323 | n += 1 324 | if n