概述
mount namespace 是用来隔离各个进程看到的挂载点视图。
它与 chroot() 把某个子目录变成根节点的做法类似,但 mount namespace 以更加灵活和安全的方式实现了这种隔离。
源码
package main
import (
"os/exec"
"syscall"
"os"
"log"
)
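// main starts an interactive "sh" as a child process created in new UTS, IPC,
// PID and mount namespaces, attached to this process's standard streams.
//
// Creating these namespaces normally needs root (CAP_SYS_ADMIN); without it
// cmd.Run is expected to fail and the error is logged before exiting.
func main() {
	cmd := exec.Command("sh")
	cmd.SysProcAttr = &syscall.SysProcAttr{
		Cloneflags: syscall.CLONE_NEWUTS | syscall.CLONE_NEWIPC | syscall.CLONE_NEWPID | syscall.CLONE_NEWNS,
		// CLONE_NEWNS on its own copies the parent's mount table together
		// with its propagation settings. Where "/" is a shared mount (the
		// systemd default), a mount made inside the child, such as
		// remounting /proc, would propagate back to the host. Asking for
		// CLONE_NEWNS through Unshareflags makes Go's syscall package mark
		// "/" as MS_REC|MS_PRIVATE in the child before exec, so mounts made
		// by the shell stay confined to the new namespace.
		Unshareflags: syscall.CLONE_NEWNS,
	}

	// Share the terminal with the child so the shell is interactive.
	cmd.Stdin = os.Stdin
	cmd.Stdout = os.Stdout
	cmd.Stderr = os.Stderr

	// Run blocks until the shell exits; a start failure or a non-zero exit
	// status is reported and terminates this program.
	if err := cmd.Run(); err != nil {
		log.Fatal(err)
	}
}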
测试
查看一下/proc的文件内容。proc 是一个文件系统,它提供额外的机制可以从内核和内核模块将信息发送给进程。
go run mount.go
//此时看到的仍是宿主机的 /proc:新的 mount namespace 复制了宿主机的挂载点,/proc 尚未重新挂载
sh-4.2# ls /proc
1 15232 17505 229 3 5 8375 buddyinfo execdomains key-users mtrr swaps zoneinfo
10 15235 17524 230 30 5092 863 bus fb kmsg net sys
11074 15487 18 234 327 5093 875 cgroups filesystems kpagecount pagetypeinfo sysrq-trigger
11077 15758 19 241 350 512 9 cmdline fs kpageflags partitions sysvipc
12120 16 2 253 357 516 930 consoles interrupts loadavg sched_debug timer_list
12123 16003 20 254 38 520 935 cpuinfo iomem locks schedstat timer_stats
13 16151 21 27 40 525 936 crypto ioports mdstat scsi tty
14 16173 2213 28 41 56 9424 devices irq meminfo self uptime
14885 16177 223 29 42 7 9427 diskstats kallsyms misc slabinfo version
14888 16185 227 29202 43 796 99 dma kcore modules softirqs vmallocinfo
15 17 228 29710 490 8 acpi driver keys mounts stat vmstat
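//将 /proc 挂载到我们自己的 namespace。注意:如果 / 的挂载传播类型是 shared(systemd 下的默认值),这次挂载会传播回宿主机的 /proc;应先在新 namespace 内执行 mount --make-rprivate / 将传播改为 private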
sh-4.2# mount -t proc proc /proc
sh-4.2# ls /proc
1 cmdline dma interrupts keys locks mtrr scsi sys uptime
4 consoles driver iomem key-users mdstat net self sysrq-trigger version
acpi cpuinfo execdomains ioports kmsg meminfo pagetypeinfo slabinfo sysvipc vmallocinfo
buddyinfo crypto fb irq kpagecount misc partitions softirqs timer_list vmstat
bus devices filesystems kallsyms kpageflags modules sched_debug stat timer_stats zoneinfo
cgroups diskstats fs kcore loadavg mounts schedstat swaps tty
//使用 ps 来查看系统的进程
sh-4.2# ps -ef
UID PID PPID C STIME TTY TIME CMD
root 1 0 0 18:10 pts/4 00:00:00 sh
root 6 1 0 18:11 pts/4 00:00:00 ps -ef