I'm Building My Own Container Runtime!
This is part of a complete series where I'm building Conti - a container runtime from scratch. Check it out on GitHub!
About This Series:
- I'm sharing everything I learn while building my own container runtime
- Most concepts come from videos, documentation, and LLM-assisted learning (for educational purposes)
- Focus: Understanding through practice - raw Linux commands and practical implementation
- Important: When building your own container, DON'T copy code from sources - it kills the fun! Write it yourself, break things, debug, and learn.
Why Build Your Own?
- Deep understanding of how containers really work
- Master low-level Linux concepts
- Learn by doing, not just reading
- It's incredibly fun when things finally click!
Overview
Practice creating isolated filesystem views using mount namespaces with a simple bookstore/cafe scenario.
What is Pivot Root?
Pivot root changes the root filesystem (/) for a process and its children, providing complete filesystem isolation.
How It Works
```
BEFORE PIVOT ROOT:
System Root (/)
|-- home/
|-- var/
|-- bookstore/          <- Target directory
|   |-- books/
|   |-- checkout/
|   `-- old_root/       (empty)
`-- cafe/

AFTER PIVOT ROOT (from bookstore):
New Root (/)
|-- books/              <- Bookstore content
|-- checkout/
`-- old_root/           <- Old system root moved here
    |-- home/
    |-- var/
    `-- cafe/
```
Key Requirements
- Target directory must be a mount point
- Needs a directory to move the old root into (e.g., old_root/)
- Must be run in a mount namespace (or as the init process)
Quick Setup Exercise
Scenario
Create two isolated environments:
- Bookstore zone with its own resources
- Cafe zone with its own resources
Practice Steps
1. Initial Setup
```bash
# Create directory structures
mkdir -p bookstore/{books,checkout,lounge,old_root}
mkdir -p cafe/{menu,kitchen,seating,old_root}
# Add sample files
echo "Fiction novels" > bookstore/books/inventory.txt
echo "Coffee menu" > cafe/menu/drinks.txt
```
2. Create First Namespace (Bookstore)
```bash
# Open terminal 1. -f makes unshare fork, so bash itself is PID 1 of the new
# PID namespace; without it the first command run becomes PID 1 and every
# later fork fails once it exits
sudo unshare -m -p -f --mount-proc /bin/bash
# The shell above already runs as root, so no sudo is needed from here on.
# Make it a mount point
mount --bind bookstore bookstore
# Change root
cd bookstore
pivot_root . old_root
# Verify isolation. ls is an external binary that now lives under /old_root
# and is no longer on PATH, so use the bash builtin glob instead
echo /*   # Should only show: /books /checkout /lounge /old_root
```
3. Create Second Namespace (Cafe)
```bash
# Open terminal 2 (same flags as terminal 1, -f included)
sudo unshare -m -p -f --mount-proc /bin/bash
# Make it a mount point (already root inside the unshared shell, no sudo needed)
mount --bind cafe cafe
# Change root
cd cafe
pivot_root . old_root
# Verify isolation (bash builtin glob; ls is no longer on PATH after pivot_root)
echo /*   # Should only show: /kitchen /menu /old_root /seating
```
4. Test Isolation
```bash
# In bookstore namespace (cat is an external binary and is not reachable
# after pivot_root either, so read the files with the bash builtin $(<file))
cd /
echo "$(<books/inventory.txt)"   # Works: prints "Fiction novels"
echo "$(<menu/drinks.txt)"       # Doesn't exist: No such file or directory
# In cafe namespace
cd /
echo "$(<menu/drinks.txt)"       # Works: prints "Coffee menu"
echo "$(<books/inventory.txt)"   # Doesn't exist: No such file or directory
```
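The same steps done the way a runtime does them, through the syscalls instead of the shell tools, as an added example that is not part of this post or of Conti. It also adds two things the exercise skips: checking the mount-point requirement before calling pivot_root(2) (by reading /proc/self/mountinfo) and unmounting old_root afterwards so the host filesystem is no longer reachable from inside. Function names are my own choices.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <sched.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mount.h>
#include <sys/stat.h>
#include <sys/syscall.h>
#include <unistd.h>

/* 1 if path is a mount point in the caller's mount namespace, 0 if not, -1 on
 * error. Uses /proc/self/mountinfo (field 5 = mount point) because a directory
 * bind-mounted onto itself, as in the exercise, keeps its parent's st_dev. */
int is_mount_point(const char *path)
{
    char real[4096], line[4096], mnt[4096]; FILE *f; int found = 0;
    if (!realpath(path, real) || !(f = fopen("/proc/self/mountinfo", "r"))) return -1;
    while (!found && fgets(line, sizeof line, f))
        if (sscanf(line, "%*s %*s %*s %*s %4095s", mnt) == 1 && !strcmp(mnt, real))
            found = 1;                 /* mount points with spaces (\040) not handled */
    fclose(f);
    return found;
}

/* The exercise's shell steps as syscalls: new mount namespace, private
 * propagation (what unshare -m does by default), bind new_root onto itself so
 * pivot_root accepts it, pivot, then detach and remove old_root so the host
 * filesystem is unreachable (the exercise leaves it mounted). Needs CAP_SYS_ADMIN. */
int enter_new_root(const char *new_root)
{
    if (unshare(CLONE_NEWNS) != 0) return -1;
    if (mount(NULL, "/", NULL, MS_REC | MS_PRIVATE, NULL) != 0) return -1;
    if (mount(new_root, new_root, NULL, MS_BIND, NULL) != 0) return -1;
    if (chdir(new_root) != 0) return -1;
    if (mkdir("old_root", 0700) != 0 && errno != EEXIST) return -1;
    if (is_mount_point(".") != 1) { errno = EINVAL; return -1; }
    if (syscall(SYS_pivot_root, ".", "old_root") != 0) return -1;
    if (chdir("/") != 0) return -1;
    if (umount2("/old_root", MNT_DETACH) != 0) return -1;
    return rmdir("/old_root");
}

int main(int argc, char **argv)
{
    if (argc != 2) { fprintf(stderr, "usage: %s <new_root>\n", argv[0]); return 2; }
    if (enter_new_root(argv[1]) != 0) { perror("enter_new_root"); return 1; }
    execl("/bin/sh", "sh", (char *)NULL);   /* must exist inside new_root */
    perror("execl /bin/sh"); return 1;
}
```

Run it as root against a directory that contains a static shell (for example a busybox rootfs); with the exercise's bookstore/ directory the pivot succeeds but the exec fails, which is the same "no binaries inside the new root" effect seen with ls above.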
Key Commands
| Command | Purpose |
|---|---|
| `unshare -m -p -f --mount-proc /bin/bash` | Create isolated mount and PID namespaces |
| `mount --bind dir dir` | Make a directory a mount point |
| `pivot_root . old_root` | Change the root directory |
| `lsns -t mnt` | List mount namespaces |
Quick Verification
```bash
# lsns and df are external tools: run these from the unshared shell before
# pivot_root (or from another terminal); pwd is a builtin and works after it
# Check you're in a namespace
lsns -t mnt -t pid
# Verify mount point
df -a | grep bookstore
# Check current root
pwd # Should show / after pivot_root
```