Closed morganllewellynjones closed 5 months ago
A shell script has been provided that pulls a docker image and exports the filesystem to your local directory for testing. This allows for easy testing of many different containers, but there isn't yet a container daemon, and there isn't a concept of dynamically extracting a base image when you run the process. It still needs you to set up the container filesystem in advance.
We don't call chroot directly but instead use the unshare command's --root parameter to switch roots. This is better integrated and more secure than chroot.
Once namespaces are gated, move into the new file system. The image tarball can be grabbed from a docker build operation. For simplicity, the program tarball name will originally be hardcoded. Later a user should be able to name a tarball on the command line to enter.
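
The flow described in this issue (take an image tarball, unpack it into a root filesystem, then enter it with unshare --root), sketched as an added example that is not the project's own script. The function names and the choice of namespace flags are assumptions; the member-name check is an extra guard for the case where the tarball is named by the user on the command line.

```shell
#!/bin/sh
# Added example: hypothetical helpers, not taken from the project.

# members_safe: read tar member names on stdin and fail on an absolute
# path or any ".." path component. Name checks only; link targets inside
# the archive are not inspected.
members_safe() {
    while IFS= read -r name || [ -n "$name" ]; do
        case "$name" in
            /*|..|../*|*/..|*/../*) return 1 ;;
        esac
    done
    return 0
}

# unpack_rootfs TARBALL DIR: list the archive first, extract only if
# every member name stays inside DIR.
unpack_rootfs() {
    tarball=$1
    rootfs=$2
    tar -tf "$tarball" | members_safe || {
        echo "refusing $tarball: unsafe member path" >&2
        return 1
    }
    mkdir -p "$rootfs" &&
        tar -xf "$tarball" -C "$rootfs" --no-same-owner
}

# rootfs_ready DIR: the tree must contain bin/sh. Test with -e/-L rather
# than -x because some images ship bin/sh as an absolute symlink
# (e.g. to /bin/busybox), which only resolves after the root switch.
rootfs_ready() {
    [ -d "$1" ] && { [ -e "$1/bin/sh" ] || [ -L "$1/bin/sh" ]; }
}

# enter_rootfs DIR: create the namespaces, then let unshare switch root
# with --root instead of calling chroot ourselves.
enter_rootfs() {
    rootfs_ready "$1" || { echo "no bin/sh under $1" >&2; return 1; }
    unshare --user --map-root-user --mount --pid --fork --uts --ipc --net \
        --root="$1" --wd=/ /bin/sh
}

# Usage (image.tar and ./rootfs are placeholder names):
#   unpack_rootfs image.tar ./rootfs && enter_rootfs ./rootfs
```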