The preparatory talk covers all the basics you'll need for this workshop, including:
- Linux syscalls and glibc wrappers
- chroot vs pivot_root
- namespaces
- cgroups
- capabilities
- and more
Use the provided slides while advancing through the levels, adding more features to your container. Remember to go over each level's readme, and if things get rough, you can always find the solution for level N in the level N+1 skeleton.
Not all the necessary system calls are exposed in Python's standard library. In addition, we want to preserve the semantics of the system calls and use them as if we were writing C. We therefore wrote a Python module called linux (take a look at linux.c) which exposes the relevant system calls. Have a look at the module documentation for more info.
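The same idea sketched with ctypes, as an added example and not the workshop's own linux module (which is a C extension): each wrapper keeps the C argument order and turns the C convention of "-1 plus errno" into an OSError. The wrapper names and the check_errno helper are assumptions of this sketch; unshare(2), sethostname(2) and umount2(2) are the real libc functions being called.

```python
import ctypes
import os

# Added example: ctypes binding, swapped in for the workshop's C extension.
# use_errno=True makes ctypes keep a private copy of errno for each call.
_libc = ctypes.CDLL(None, use_errno=True)

CLONE_NEWUTS = 0x04000000  # from <linux/sched.h>: new hostname namespace
MNT_DETACH = 0x2           # from <sys/mount.h>: lazy unmount


def check_errno(ret, name):
    """Translate the C return convention into a Python exception."""
    if ret == -1:
        err = ctypes.get_errno()
        # OSError picks the matching subclass (PermissionError for EPERM, ...)
        raise OSError(err, f"{name}: {os.strerror(err)}")
    return ret


def unshare(flags):
    """int unshare(int flags): detach from the namespaces named in flags."""
    return check_errno(_libc.unshare(ctypes.c_int(flags)), "unshare")


def sethostname(name):
    """int sethostname(const char *name, size_t len)."""
    data = name.encode()
    ret = _libc.sethostname(data, ctypes.c_size_t(len(data)))
    return check_errno(ret, "sethostname")


def umount2(target, flags):
    """int umount2(const char *target, int flags)."""
    ret = _libc.umount2(os.fsencode(target), ctypes.c_int(flags))
    return check_errno(ret, "umount2")


if __name__ == "__main__":
    # Needs CAP_SYS_ADMIN; without it the kernel refuses and we see why.
    try:
        unshare(CLONE_NEWUTS)
        sethostname("container")  # only visible inside the new UTS namespace
        print("hostname in new namespace:", os.uname().nodename)
    except OSError as exc:
        print("refused by kernel:", exc)
```

Run unprivileged, the script reports the EPERM from unshare instead of failing silently, which is the behaviour you want to preserve when the later levels stack more isolation calls on top.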
There are currently 3 options to start the workshop by yourself:
- We created a public AMI with the required configuration and utilities already installed: ami-8faab0e3 (eu-west-1).
- We provide a packer template so you can create your own AMI.
- We have a Vagrantfile for you to run using your favorite virtual machine hypervisor (NOTE: not yet fully tested).
The workshop material is checked in at /workshop on the instance:
- /workshop/rubber-docker - this repository, where you do all the work
- /workshop/images - images for containers, already populated with ubuntu and busybox images
Before starting the workshop, go over the prep docs in the docs folder.
Start the workshop at /workshop/rubber-docker/levels/00_fork_exec.