Skip to content

NamelessOne91/COSO

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

62 Commits
assets
assets
 
 
cgroups
cgroups
 
 
cmd
cmd
 
 
command
command
 
 
filesystem
filesystem
 
 
namespaces
namespaces
 
 
network
network
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
Makefile
Makefile
 
 
README.md
README.md
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 

Repository files navigation

COSO

Containerization Oriented Standard Operations

In Italian, the word "coso" is an informal term that is used to refer to a thing, object, or an unspecified item. It is often used when the specific name or term for something is not known or forgotten. It can also be used as a placeholder word when referring to a person whose name you can't remember or don't want to mention. In English, "coso" can be loosely translated as "thingy," "whatchamacallit," or "doodad."

Status: WIP

  • 30/06/23 - project start

Supported Namespaces:

  • PID
  • Network
  • UTS - aka hostname
  • User
  • Mount
  • IPC
  • Cgroups (work in progress)

Aim

COSO is mainly a study project to apply teachings on Linux containers internals. In the long run, the project should evolve in a Docker-like CLI capable of reading configurations files and spin up containers according to the given instructions.

Setup

Right now (01/07/23) some areas of COSO are not handled directly by the main binary executable.

  • Filesystem: a minimal Alpine distribution for x86_64 architecture is provided and used as lower layer
  • Networking: the configuration of the necessary devices used to route traffic from the standard namespace to the newly created one(s) is handled by a separate bynary: cosonet

You can run make fs-setup and make net-setup to configure the above.

Or just make run and follow the error messages :)

Running coso

IF the setup has been successfull, you should be able to run COSO with make run.

Note that if you have previosly installed Docker and are using the default network manager (cosonet), Internet access in the created network namespace may not be available as a result of Docker changing the iptables FORWARD chain policy to DROP.

To verify this is the case, use the command

sudo iptables -L

To enable packets forwarding to the custom interfaces handled by COSO, you can run the command

sudo iptables -P FORWARd ACCEPT

Customization

COSO expects a path to a root filesystem, to use as lower layer, and to an executable which can handle network devices creation. COSO will execute the following call when trying to setup network devices for the new process (running in a separate namespace):

<path to the executable> -pid <pid of the child process>

You can modify the 2 above mentioned paths with the following flags

Flag Type Default Meaning
rootfs string /tmp/coso/rootfs path to the root filesystem
network string /usr/local/bin/cosonet path to the executable which will handle the setup of network devices

About

Containerization Oriented Standard Operations

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages