README.md

@@ -7,6 +7,7 @@ Hochschule Bochum, Campus Velbert/Heiligenhaus
  * [Anleitung für Vortragende](https://gitlab.cvh-server.de/pgerwinski/ow/-/raw/master/online-werkzeuge-extra.pdf)
  * [Anleitung für die IT-Abteilung](https://gitlab.cvh-server.de/pgerwinski/ow/-/raw/master/online-werkzeuge-admin.pdf)
  * [**Warum gerade diese Online-Werkzeuge?**](https://gitlab.cvh-server.de/pgerwinski/ow/-/raw/master/online-werkzeuge-nachhaltig.pdf)
+ * [Beschreibung Docker & Container](https://gitlab.cvh-server.de/aco/ow/-/raw/docker/docker-container.pdf)
 
 Copyright © 2020  Peter Gerwinski
 

namespace_isolation.c

+// compile with
+// gcc -Wall -O3 -o namespace_isolation namespace_isolation.c
+// found at:
+// https://www.toptal.com/linux/separation-anxiety-isolating-your-system-with-linux-namespaces
+//
+
+#define _GNU_SOURCE
+#include <sched.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <sys/wait.h>
+#include <unistd.h>
+
+#define CHILD_STACK_SIZE 1048576
+static char child_stack[CHILD_STACK_SIZE];
+
+static int child_fn() {
+  // Calling unshare() from inside the init process 
+  // lets you create a new namespace 
+  // after a new process has been spawned.
+  unshare(CLONE_NEWNET);
+
+  printf("New `net` Namespace:\n");
+  int ret = system("ip link");
+  printf("\n\n");
+  return ret;
+}
+
+int main() {
+  printf("Original `net` Namespace:\n");
+  int ret = system("ip link");
+  printf("\n\n");
+
+  pid_t child_pid = clone(child_fn, \
+    child_stack + CHILD_STACK_SIZE, \
+    CLONE_NEWPID | CLONE_NEWNS | SIGCHLD, NULL);
+
+  waitpid(child_pid, NULL, 0);
+  return ret;
+}
\ No newline at end of file