Go 照著 Deep into Container — Build your own container with Golang 這篇教學操作的時候,發現每次結束都需要執行:
sudo mount -t proc proc /proc
上網查之後,發現將 must(syscall.Mount("proc", "proc", "proc", 0, "")) 改為以下程式碼,聲明這個新的 mount namespace 獨立:
must(syscall.Mount("", "/", "", syscall.MS_PRIVATE|syscall.MS_REC, ""))
defualtMountFlags := syscall.MS_NOEXEC | syscall.MS_NOSUID | syscall.MS_NODEV
must(syscall.Mount("proc", "/proc", "proc", uintptr(defualtMountFlags), ""))
solidity picoCTF Go ethernaut linux leetcode blockchain sql react leetcode-top-interview array medium typescript smart-contract solana javascript java ethereum easy css Linux zsh ubuntu two-pointer next.js jekyll http hardhat golang ethers Secureum Rust web wallet vscode typeorm truffle stack shell rpc notion notes nodejs nextjs mocha html github git geth express eslint docker cloudflare Vim DSA