DefaultCreateCommand will return an exec.Cmd with the Cloneflags set to the proper namespaces defined on the container's configuration and use the current binary as the init with the args provided console: the /dev/console to setup inside the container init: the program executed inside the namespaces root: the path to the container json file and information pipe: sync pipe to synchronize the parent and child processes args: the arguments to pass to the container to run as the user's program.

TODO(vishh): This is part of the libcontainer API and it does much more than just namespaces related work.

ExecIn reexec's the initPath with the argv 0 rewrite to "nsenter" so that it is able to run the setns code in a single threaded environment joining the existing containers' namespaces.

FinalizeNamespace drops the caps, sets the correct user and working dir, and closes any leaky file descriptors before execing the command inside the namespace.

Finalize expects that the setns calls have been setup and that is has joined an existing namespace.

GetNamespaceFlags parses the container's Namespaces options to set the correct flags on clone, unshare, and setns.

TODO(vishh): This is part of the libcontainer API and it does much more than just namespaces related work.

InitializeNetworking creates the container's network stack outside of the namespace and moves interfaces into the container's net namespaces if necessary.

RestoreParentDeathSignal sets the parent death signal to old.

SetupCgroups applies the cgroup restrictions to the process running in the container based on the container's configuration.

SetupUser changes the groups, gid, and uid for the user inside the container.

namespaceList is used to convert the libcontainer types into the names of the files located in /proc/<pid>/ns/* for each namespace.

namespaceList is used to convert the libcontainer types into the names of the files located in /proc/<pid>/ns/* for each namespace.