monochromatic blog:
git clone git://
Log | Files | Refs

commit 2f632792c1cb87d291f8e94203b3e57f74e17034
parent 6fb1ca3b95398796f2874bea8451dfd191dd71f1
Author: z3bra <willyatmailoodotorg>
Date:   Thu, 31 Mar 2016 06:26:10 +0000

Typos in hand-crafted containers, thanks jwilk

2016/03/hand-crafted-containers.txt | 10+++++-----
1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/2016/03/hand-crafted-containers.txt b/2016/03/hand-crafted-containers.txt @@ -20,7 +20,7 @@ host operating system. This isolation can happen in different places (namespaces), be it in the network, the filesystem, the process tree, or all of them (there are more, in fact. More on this later). -We can differenciate three types of containers: +We can differentiate three types of containers: + operating system containers + application containers @@ -123,7 +123,7 @@ part here is the following: > dynamically linked, interpreter /lib/ Dynamically linked binaries cannot be run on their own. Long story short, -`/lib/` is a program that is implicitely called to run all +`/lib/` is a program that is implicitly called to run all the dynamic binaries on a linux system, it's called the [linker]( So in order to have a binary run in the chroot, you need to copy over the linker AND all the libraries @@ -160,7 +160,7 @@ for a linker and libc in the chroot: Let's take a look at the size of this "container". For scale, the "[Smallest possible docker container](" -weights 3.6Mib... +weighs 3.6Mib... $ du -sh rootfs 720K rootfs @@ -192,7 +192,7 @@ This tool is the one that will actually isolate containers. It has been created especially for this purpose, and will let you run a process unshared from different namespaces: mount, user, network, PID, IPC and UTS. In the same order, each flag will separate your `command` from the given -namespace. See `unshare(1)` for more informations: +namespace. See `unshare(1)` for more information: unshare -m -U -n -p -i -u <command> @@ -227,7 +227,7 @@ You need to be familiar with the concept of (veth) pairs here. Virtual ethernet devices pairs acts like both ends of a tube: when a packet is written on one end, it is also written on the other. This simple concept will -help us get an internet acces *inside* the container, while using the network +help us get an internet access *inside* the container, while using the network stack of the host. The process is easy: we will create a `veth` pair, move one end inside the