https://github.com/OneThing98/ghost-project
When I started the project, I intended it as an ambitious learning exercise that I would keep working on for a long time. Drawing on the architecture of runc and on my own earlier research and development project, I approached it methodically, breaking each component into small, testable pieces. The first thing I had to build from scratch is the most fundamental property of a container runtime: isolation. Concretely, that means creating a Linux process in its own isolated environment.
I accomplished this in essentially two files. main.go is the entry point: it reads the container configuration file, parses the command-line arguments, and finally launches the container process. Process creation starts with a clone system call carrying namespace flags, so the child begins life already inside the new namespaces. Nothing in this commit actually uses CLONE_NEWNS or CLONE_NEWIPC yet, but I included them to lay the groundwork for the next steps. SIGCHLD is passed along with the clone flags so that the parent is notified when the child exits and can clean up properly. The child therefore starts in its own PID (process ID) namespace and its own UTS namespace (hostname).
I took the rootfs from a stopped Docker container created from the Alpine image. All configuration comes from container.json. The setup starts by marking the root mount private so that mount and unmount events inside the container do not propagate to the host; pivot_root also refuses to run if the parent mount is shared, which is the default on systemd-based hosts. Next, the rootfs is bind-mounted onto itself, because pivot_root requires the new root to be a mount point. pivot_root then swaps the root filesystem; it does not change the working directory, so I chdir to / (the new rootfs) explicitly afterwards. Finally, I mount /proc so that process queries inside the container work.
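As an added example, not ghost-project's own code, here is a minimal Go runtime in the same shape as the two steps above: the parent re-executes itself through /proc/self/exe with namespace clone flags, and the child sets the hostname, pivots into the rootfs, mounts /proc and execs the command. The container.json field names, the namespace name strings, the run/child argv convention and the .oldroot directory are my assumptions; the project's actual files may differ. It also adds one step the text does not mention: unmounting the old root after pivot_root, since otherwise the host filesystem remains reachable under put_old.

```go
// Added example, not ghost-project's own code. Linux only; needs root and a rootfs.
package main
import (
	"encoding/json"
	"fmt"
	"os"
	"os/exec"
	"syscall"
)

type Config struct { // assumed container.json layout; the real file may differ
	Rootfs     string   `json:"rootfs"`
	Hostname   string   `json:"hostname"`
	Namespaces []string `json:"namespaces"` // e.g. ["pid","uts","mount"]
	Args       []string `json:"args"`
}

var nsFlags = map[string]uintptr{ // config names -> clone(2) flags
	"pid": syscall.CLONE_NEWPID, "uts": syscall.CLONE_NEWUTS, "ipc": syscall.CLONE_NEWIPC,
	"mount": syscall.CLONE_NEWNS, "net": syscall.CLONE_NEWNET,
}

// CloneFlags builds the clone flag word; a typo such as "pids" is an error, not silently dropped.
func CloneFlags(names []string) (uintptr, error) {
	var flags uintptr
	for _, n := range names {
		f, ok := nsFlags[n]
		if !ok {
			return 0, fmt.Errorf("unknown namespace %q", n)
		}
		flags |= f
	}
	return flags, nil
}

// runParent re-executes this binary as "child" in fresh namespaces; Go ORs SIGCHLD in itself.
func runParent(cfg *Config, configPath string) error {
	flags, err := CloneFlags(cfg.Namespaces)
	if err != nil {
		return err
	}
	cmd := exec.Command("/proc/self/exe", "child", configPath)
	cmd.Stdin, cmd.Stdout, cmd.Stderr = os.Stdin, os.Stdout, os.Stderr
	cmd.SysProcAttr = &syscall.SysProcAttr{Cloneflags: flags}
	return cmd.Run()
}

// runChild runs inside the new namespaces: hostname (UTS), rootfs, then exec.
func runChild(cfg *Config) error {
	if err := syscall.Sethostname([]byte(cfg.Hostname)); err != nil {
		return err
	}
	if err := setupRootfs(cfg.Rootfs); err != nil {
		return err
	}
	return syscall.Exec(cfg.Args[0], cfg.Args, os.Environ())
}

// setupRootfs is the mount sequence from the text plus one addition: the old
// root is detached, or the host filesystem stays reachable under put_old.
// It assumes "mount" is in Namespaces; without CLONE_NEWNS it edits the host.
func setupRootfs(rootfs string) error {
	putOld := rootfs + "/.oldroot" // assumed put_old name
	for _, s := range []struct{ name string; fn func() error }{
		// Private propagation: nothing leaks to the host; pivot_root also refuses a shared parent mount.
		{"make / private", func() error { return syscall.Mount("", "/", "", syscall.MS_REC|syscall.MS_PRIVATE, "") }},
		// pivot_root needs new_root to be a mount point: bind it onto itself.
		{"bind rootfs", func() error { return syscall.Mount(rootfs, rootfs, "", syscall.MS_BIND|syscall.MS_REC, "") }},
		{"mkdir put_old", func() error { return os.MkdirAll(putOld, 0o700) }},
		{"pivot_root", func() error { return syscall.PivotRoot(rootfs, putOld) }},
		{"chdir /", func() error { return syscall.Chdir("/") }}, // pivot_root leaves cwd alone
		{"detach old root", func() error { return syscall.Unmount("/.oldroot", syscall.MNT_DETACH) }},
		// A fresh /proc reflects the new PID namespace, so ps sees only the container.
		{"mount /proc", func() error { return syscall.Mount("proc", "/proc", "proc", syscall.MS_NOSUID|syscall.MS_NODEV|syscall.MS_NOEXEC, "") }},
	} {
		if err := s.fn(); err != nil {
			return fmt.Errorf("%s: %w", s.name, err)
		}
	}
	return nil
}

func main() { // usage: ghost run|child container.json
	var cfg Config
	data, err := os.ReadFile(os.Args[2])
	if err == nil {
		err = json.Unmarshal(data, &cfg)
	}
	if err == nil && os.Args[1] == "child" {
		err = runChild(&cfg)
	} else if err == nil {
		err = runParent(&cfg, os.Args[2])
	}
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
}
```

Build it and run `sudo ./ghost run container.json` with a config such as `{"rootfs":"/path/to/alpine","hostname":"ghost","namespaces":["pid","uts","mount"],"args":["/bin/sh"]}`; inside, `hostname` should print ghost and `ps` should show only the container's processes. Because no user namespace is created, the process inside is still root on the host, which is why dropping capabilities is the next thing on the list.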
Looking forward, I need to add network namespaces and support for joining existing namespaces via setns, which takes a file descriptor opened on a namespace file such as /proc/<pid>/ns/net. I also have to drop capabilities while performing the various setup operations. Beyond that, I want a master/slave pty pair for interactive containers, along with veth and bridge networking. There is a lot to achieve in the next milestone, so let's see how it goes...

