# README
Shocker
This project is a simple container implementation in Go. It demonstrates basic containerization concepts such as namespaces, chroot, and filesystem isolation. This project is mostly inspired by Liz Rice's famous talk and is intended for educational purposes to get a better understanding of containers.
## Features so far
- Process isolation using namespaces
- Filesystem isolation using chroot and pivot_root
- Simple execution of commands within the container
## Requirements
- The Go programming language
- Linux system (requires namespaces and other Linux-specific features)
## Installation
- Clone the repository:
  ```sh
  git clone https://github.com/exitflynn/shocker.git
  cd shocker
  ```
- Build the project:
  ```sh
  go build -o shocker .
  ```
## Usage
To run a command inside the container, use the following syntax:
```sh
sudo ./shocker run <command>
```
For example, to run a bash shell inside the container:
```sh
sudo ./shocker run /bin/bash
```
## How It Works
`main.go` handles command-line arguments and sets up the namespaces: the `run` function starts a new process with isolated namespaces, and the `child` function sets up the container environment (hostname, chroot, mount `/proc`) and runs the given command.
The `pivotRoot` function in `utils.go` changes the root filesystem of the system, and can be thought of as doing this in the following steps:
- First it bind mounts the new root filesystem.
- Creates a directory to hold the old root.
- Executes the `pivot_root` syscall to switch the root filesystem.
- Changes the current working directory to the new root.
- Finally unmounts the old root filesystem.
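
The five steps above, written out as an added example (this is not the project's `utils.go`). The names `putOldName` and `validateRoot` are assumptions, and the private-propagation mount before step 1 is an extra precaution that is not in the list.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"syscall"
)
const putOldName = ".old_root" // assumed name; the page does not give one
// validateRoot rejects paths that must never become a container root.
func validateRoot(newRoot string) error {
	if !filepath.IsAbs(newRoot) || filepath.Clean(newRoot) == "/" {
		return fmt.Errorf("new root %q must be an absolute path other than /", newRoot)
	}
	if fi, err := os.Stat(newRoot); err != nil || !fi.IsDir() {
		return fmt.Errorf("new root %q is not an existing directory", newRoot)
	}
	return nil
}

// pivotRoot runs in the child, inside a new mount namespace, with CAP_SYS_ADMIN.
func pivotRoot(newRoot string) error {
	if err := validateRoot(newRoot); err != nil {
		return err
	}
	// Added precaution: keep mount events out of the host namespace (shared parents give EINVAL).
	if err := syscall.Mount("", "/", "", syscall.MS_REC|syscall.MS_PRIVATE, ""); err != nil {
		return fmt.Errorf("make / private: %w", err)
	}
	// 1. Bind mount the new root onto itself so it is a mount point.
	if err := syscall.Mount(newRoot, newRoot, "", syscall.MS_BIND|syscall.MS_REC, ""); err != nil {
		return fmt.Errorf("bind mount: %w", err)
	}
	putOld := filepath.Join(newRoot, putOldName) // 2. holder for the old root
	if err := os.MkdirAll(putOld, 0700); err != nil {
		return err
	}
	if err := syscall.PivotRoot(newRoot, putOld); err != nil { // 3. swap roots
		return fmt.Errorf("pivot_root: %w", err)
	}
	if err := os.Chdir("/"); err != nil { // 4. cwd into the new root
		return err
	}
	if err := syscall.Unmount("/"+putOldName, syscall.MNT_DETACH); err != nil { // 5. detach old root
		return fmt.Errorf("unmount old root: %w", err)
	}
	return os.Remove("/" + putOldName) // drop the now-empty holder directory
}
func main() { fmt.Println("validate /:", validateRoot("/")) }
```

Detaching the old root in step 5 is what removes the host filesystem from the container's view; a bare chroot leaves it mounted and reachable.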
## What this project is not // Limitations
This is a basic implementation and lacks many features of a full-fledged container runtime. A future version could incorporate handling networking, advanced cgroup management, or security settings. But yeah, still not suitable for production use.