Skip to content

devansh1401/GoNsRun

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

ย 

History

19 Commits
docs
docs
ย 
ย 
.gitignore
.gitignore
ย 
ย 
Dockerfile
Dockerfile
ย 
ย 
LICENSE
LICENSE
ย 
ย 
README.md
README.md
ย 
ย 
go.mod
go.mod
ย 
ย 
main.go
main.go
ย 
ย 
sys_linux.go
sys_linux.go
ย 
ย 
sys_others.go
sys_others.go
ย 
ย 

Repository files navigation

๐Ÿ“ฆ Container From Scratch

A low-level container runtime built from first principles in Go. This project peels back the layers of abstraction to reveal how container technology actually works.

What & Why

I built this project to deeply understand the core technologies behind containers. By implementing containerization primitives directly with Linux kernel features, I've learned that containers aren't magic - they're just clever applications of:

  • Process namespaces for isolation
  • Control groups for resource limits
  • Filesystem manipulation for environment consistency

Implemented Features

  • Process Isolation: Using Linux namespaces (CLONE_NEWUTS, CLONE_NEWPID, CLONE_NEWNS)
  • Custom Environment: Isolated hostname and process tree
  • Filesystem Isolation: Restricted view using chroot
  • Process Management: /proc filesystem mounting for process visibility
  • Resource Controls: Basic limits using cgroups
  • Cross-Platform: Graceful fallbacks for non-Linux systems

Future Enhancements

  • Network namespace isolation for container networking
  • User namespace implementation for improved security
  • Volume mounting for data persistence
  • Performance optimizations

๐Ÿ› ๏ธ How It Works

This project demonstrates containerization from scratch using these key mechanisms:

1. Process Isolation

// Create isolated process environment using namespaces
cmd.SysProcAttr = &syscall.SysProcAttr{
    Cloneflags: syscall.CLONE_NEWUTS | syscall.CLONE_NEWPID | syscall.CLONE_NEWNS,
}

2. Filesystem Boundaries

// Change root filesystem to create isolation
syscall.Chroot("/path/to/container/root")
syscall.Chdir("/")

3. Resource Management

// Limit container to 20 processes max
ioutil.WriteFile(filepath.Join(pids, "container/pids.max"), []byte("20"), 0700)

Usage

For Linux Users:

# Run a bash shell inside a container
go run main.go run /bin/bash

For Everyone Else (Docker):

# Build and run using Docker
docker build -t container-from-scratch .
docker run --rm -it --privileged container-from-scratch ./main run /bin/bash

Note: The --privileged flag is needed because we're running container tech inside a container.

Learn More

Check the docs folder for detailed explanations of the concepts behind this implementation. This project is for educational purposes - not production use!

Technical Details

This implementation uses:

  • Go's syscall package for direct kernel interaction
  • Linux namespaces for process isolation
  • cgroups for resource management
  • chroot for filesystem isolation
  • proc filesystem for process visibility

About

containers from scratch in go ๐Ÿ’ƒ

Resources

Readme

License

Apache-2.0 license
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages