Project 7: The “Poor Man’s Docker” (Container Runtime)

A program that runs a command in an isolated environment. It will have its own Process ID tree (PID 1), its own mount table, and its own hostname. It’s a mini-Docker.

Quick Reference

Attribute	Value
Primary Language	Go or C
Alternative Languages	Rust, Python
Difficulty	Level 4: Expert
Time Estimate	2 weeks
Knowledge Area	Namespaces / Cgroups
Tooling	Linux Namespaces
Prerequisites	Project 2 (Shell), Root access.

What You Will Build

A program that runs a command in an isolated environment. It will have its own Process ID tree (PID 1), its own mount table, and its own hostname. It’s a mini-Docker.

Why It Matters

This project builds core skills that appear repeatedly in real-world systems and tooling.

Core Challenges

Namespaces: Using unshare() or clone() with flags.
Root Filesystem: Setting up chroot or pivot_root (the “jail”).
ProcFS: Mounting a fresh /proc so ps inside the container only shows container processes.

Key Concepts

PID Namespace: Process isolation.
Mount Namespace: Filesystem isolation.
Chroot/Pivot_root: Root directory isolation.

Real-World Outcome

$ sudo ./mycontainer run /bin/bash
container# ps aux
PID   USER     COMMAND
1     root     /bin/bash
2     root     ps aux
container# hostname
container-host
container# exit

Implementation Guide

Reproduce the simplest happy-path scenario.
Build the smallest working version of the core feature.
Add input validation and error handling.
Add instrumentation/logging to confirm behavior.
Refactor into clean modules with tests.

Milestones

Milestone 1: Minimal working program that runs end-to-end.
Milestone 2: Correct outputs for typical inputs.
Milestone 3: Robust handling of edge cases.
Milestone 4: Clean structure and documented usage.

Validation Checklist

Output matches the real-world outcome example
Handles invalid inputs safely
Provides clear errors and exit codes
Repeatable results across runs

References

Main guide: LEARN_LINUX_UNIX_INTERNALS_DEEP_DIVE.md
“The Linux Programming Interface”