Description
You will have to run a Linux image. Couple of ways to do this:
1. Use Oracle’s Virtual Box with a Linux image (like Ubuntu 20.04)
2. Spin up micro instance on AWS using the free 1 year when setup the account.
Problem 1.
Demonstrate using unshare mounting another file system within a mnt namespace.
1. mkdir -p /tmp/hw2/home/test
2. Then within a mnt namespace do the following: mount –rbind /home/ubuntu /tmp/hw2/home/test
3. Show that while inside the mnt namespace you can access the /home/ubuntu files in /tmp/hw2/home/test. But outside it you cannot access /tmp/hw2/home/test.
Problem 2:
Establish a user namespace as an unprivileged user with a root user within it.
Note that you can use the “sh -c whoami” both inside and outside the user namespace to show your results. Make sure you are an unprivileged user outside the container ($ prompt) when you create it.
Problem 3:
As a root user set up a net namespace to prevent access to the Internet.
Demonstrate using “curl icanhazip.com” both inside and outside the namespace.
Problem 4:
Establish a persistent UTS namespace, and modify the hostname. The namespace is then entered with nsenter. The namespace is destroyed by unmounting the bind reference.
1. Create an empty file in /tmp (touch /tmp/myuts).
2. Then use unshare to enter the uts namespace (using /tmp/myuts) and set the hostname to DOCKERCLASS.
3. Exit the uts namespace.
4. Then use nsenter to enter the uts namespace (using /tmp/myuts) and print out the hostname, which should still be DOCKERCLASS (the /tmp/myuts acts as a persistent uts namespace).
5. Destroy the persistent namespace by unmounting the bind reference (umount /root/myuts).
Problem 5:
1. Create a cgroup called “hw2” under pids resource (/sys/fs/cgroup/pids/)
2. Set the maximum pids allowed per process in this “hw2” cgroup to 10 .
3. Create a container with “unshare -i -m -n -p -u -U –fork –mount-proc /bin/bash” .
4. Outside the container move the pid for it into the “hw2” cgroup. (Use the “echo <pid>” command).
5. Inside the container run the fork bomb “:(){ :|:& };:” without the double quote marks.
6. Submit the resulting text from within the containers.
Also submit the “ps aux” (or “ps fax”) output text from outside the container.
