Linux containers in 580 lines of C
September 23, 2018 — BarryK
'contained' is an executable written in C, for chrooting into a filesystem, with maximum security:
https://blog.lizzie.io/linux-containers-in-500-loc.html
...as the author states, it did grow a bit beyond 500 lines! Here is the C code:
https://blog.lizzie.io/linux-containers-in-500-loc/contained.c
Using the 4.14.71 kernel, with cgroups support now enabled, I got
'contained' to work. I was able to "chroot" into a rootfs, and it is very
locked down. Too locked down to actually do anything useful.
However, it is very educational to study. It has given me an
introduction to how cgroups can be used, and the intention is to apply
cgroups to EasyContainers.
Tags: linux