@mangalaman93
Last active November 30, 2018 12:50
# Install docker
sudo apt update
sudo apt install apt-transport-https ca-certificates curl software-properties-common
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
sudo apt update
sudo apt -y install docker-ce
sudo usermod -aG docker $USER
# log out and log back in now so the docker group membership takes effect
# Install g++
sudo apt install -y g++
sudo apt install cgroup-tools
sudo apt install stress
# UTS namespace demo
gcc -o main main.c
sudo ./main
# PID namespace demo
sudo unshare --fork --pid --mount-proc bash
# NET namespace demo
# creating and entering a network namespace requires root
sudo ip netns add demo
# exec "ip link list" inside the namespace
sudo ip netns exec demo ip link list
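# memory cgroups demo
sudo cgcreate -g memory:mycoolgroup
ls -l /sys/fs/cgroup/memory/mycoolgroup/
# "sudo echo ... > file" fails: the redirect is opened by the unprivileged shell, so write via tee
echo 10000000 | sudo tee /sys/fs/cgroup/memory/mycoolgroup/memory.kmem.limit_in_bytes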
sudo cgexec -g memory:mycoolgroup bash
# capabilities
vim /usr/include/linux/capability.h
cat /proc/sys/kernel/cap_last_cap
capsh --print
# capabilities of a process
getpcaps 1
cat /proc/1/status | grep Cap
capsh --decode=0000003fffffffff
# cap_net_raw demo
capsh --print -- -c "/bin/ping -c 1 localhost"
capsh --drop=cap_net_raw --print -- -c "/bin/ping -c 1 localhost"
# cap_net_bind_service demo
capsh --print -- -c "nc -l 300"
capsh --inh=cap_net_bind_service --print -- -c "nc -l 300"
# docker demo
docker run --uts=host --rm -it ubuntu bash
docker run --pid=host --rm -it ubuntu bash
docker run --net=host --rm -it ubuntu bash
docker run --rm -it --cpu-period=50000 --cpu-quota=25000 progrium/stress -c 1
docker run --cap-drop=NET_BIND_SERVICE --rm -it appropriate/nc -l 100
# ref: https://docs.docker.com/engine/reference/run/
# docker image demo
# ref: https://microbadger.com/
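
Added example, not part of the original gist: the capabilities and docker sections above decode a mask with `capsh --decode` and drop a capability with `--cap-drop`; this POSIX shell script decodes a `CapEff` mask itself and diffs it against Docker's default capability set. The function names, the `DOCKER_DEFAULT` constant and the sample masks are assumptions of this example, and bits above 40 are ignored.

```shell
#!/bin/sh
# Capability names in bit order 0..40, as defined in linux/capability.h.
CAP_NAMES="chown dac_override dac_read_search fowner fsetid kill setgid setuid
setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw
ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace sys_pacct
sys_admin sys_boot sys_nice sys_resource sys_time sys_tty_config mknod lease
audit_write audit_control setfcap mac_override mac_admin syslog wake_alarm
block_suspend audit_read perfmon bpf checkpoint_restore"

# Assumption of this example: the 14 capabilities Docker grants by default
# (chown dac_override fowner fsetid kill setgid setuid setpcap net_bind_service
#  net_raw sys_chroot mknod audit_write setfcap), written as a hex mask.
DOCKER_DEFAULT=00000000a80425fb

# decode_caps HEXMASK: print the cap_* names whose bits are set in HEXMASK.
decode_caps() {
  mask=$((0x$1)); bit=0; out=""
  for name in $CAP_NAMES; do
    if [ $(( (mask >> bit) & 1 )) -eq 1 ]; then
      out="${out:+$out }cap_$name"
    fi
    bit=$((bit + 1))
  done
  printf '%s\n' "$out"
}

# extra_caps HEXMASK [BASELINE]: capabilities held beyond the baseline.
extra_caps() {
  decode_caps "$(printf '%x' $(( 0x$1 & ~0x${2:-$DOCKER_DEFAULT} )))"
}

# dropped_caps HEXMASK [BASELINE]: baseline capabilities missing from HEXMASK.
dropped_caps() {
  decode_caps "$(printf '%x' $(( 0x${2:-$DOCKER_DEFAULT} & ~0x$1 )))"
}

# cap_eff [PID]: effective capability mask of a process (default: this shell).
cap_eff() { awk '/^CapEff:/ {print $2}' "/proc/${1:-self}/status"; }

# Constructed sample: CapEff of a container started with
# --cap-drop=NET_BIND_SERVICE (Docker default with bit 10 cleared).
echo "dropped: $(dropped_caps 00000000a80421fb)"
# Constructed sample: the full mask decoded earlier with capsh --decode.
echo "extra:   $(extra_caps 0000003fffffffff)"
```

To audit a live process, pass its mask in, for example `extra_caps "$(cap_eff 1)"`.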