Deploy to GitHub pages
github-actions[bot] authored Jul 15, 2024
0 parents commit ce7be19
Showing 97 changed files with 1,286 additions and 0 deletions.
Empty file added .nojekyll
Empty file.
1 change: 1 addition & 0 deletions 404.html
@@ -0,0 +1 @@
<!DOCTYPE html><html><head><meta charSet="utf-8"/><meta name="viewport" content="width=device-width"/><link rel="apple-touch-icon" sizes="180x180" href="/images/apple-touch-icon.png"/><link rel="icon" type="image/png" sizes="32x32" href="/images/favicon-32x32.png"/><link rel="icon" type="image/png" sizes="16x16" href="/images/favicon-16x16.png"/><link rel="icon" type="image/png" sizes="16x16" href="/images/favicon-16x16.png"/><link rel="icon" type="image/x-icon" href="/images/favicon.ico"/><title>404: This page could not be found</title><meta name="next-head-count" content="8"/><link data-next-font="size-adjust" rel="preconnect" href="/" crossorigin="anonymous"/><link rel="preload" href="/_next/static/css/cfac17cb37b27821.css" as="style" crossorigin=""/><link rel="stylesheet" href="/_next/static/css/cfac17cb37b27821.css" crossorigin="" data-n-g=""/><noscript data-n-css=""></noscript><script defer="" crossorigin="" nomodule="" src="/_next/static/chunks/polyfills-c67a75d1b6f99dc8.js"></script><script src="/_next/static/chunks/webpack-4e7214a60fad8e88.js" defer="" crossorigin=""></script><script src="/_next/static/chunks/framework-5429a50ba5373c56.js" defer="" crossorigin=""></script><script src="/_next/static/chunks/main-d2ba44903cd47711.js" defer="" crossorigin=""></script><script src="/_next/static/chunks/pages/_app-0bd34052de026ce4.js" defer="" crossorigin=""></script><script src="/_next/static/chunks/pages/_error-5a00309fd5f4b49e.js" defer="" crossorigin=""></script><script src="/_next/static/wxdrEA4DV2NLhLIbasLLF/_buildManifest.js" defer="" crossorigin=""></script><script src="/_next/static/wxdrEA4DV2NLhLIbasLLF/_ssgManifest.js" defer="" crossorigin=""></script></head><body><div id="__next"><div class="remix-app"><header class="navbar"><h1 class="navbar-brand"><a href="/">Complete Intro to Containers</a></h1><div class="navbar-info"><a href="https://frontendmasters.com/courses/complete-intro-containers-v2/" class="cta-btn">Watch on Frontend 
Masters</a></div></header><div class="content-container"><div class="main"><div style="font-family:system-ui,&quot;Segoe UI&quot;,Roboto,Helvetica,Arial,sans-serif,&quot;Apple Color Emoji&quot;,&quot;Segoe UI Emoji&quot;;height:100vh;text-align:center;display:flex;flex-direction:column;align-items:center;justify-content:center"><div style="line-height:48px"><style>body{color:#000;background:#fff;margin:0}.next-error-h1{border-right:1px solid rgba(0,0,0,.3)}@media (prefers-color-scheme:dark){body{color:#fff;background:#000}.next-error-h1{border-right:1px solid rgba(255,255,255,.3)}}</style><h1 class="next-error-h1" style="display:inline-block;margin:0 20px 0 0;padding-right:23px;font-size:24px;font-weight:500;vertical-align:top">404</h1><div style="display:inline-block"><h2 style="font-size:14px;font-weight:400;line-height:28px">This page could not be found<!-- -->.</h2></div></div></div></div></div><footer class="footer"><ul class="socials"><li class="social"><a href="https://twitter.com/holtbt"><svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="40" height="32" viewBox="0 0 40 32"><defs><clipPath id="clip-twitter-social"><rect width="40" height="32"></rect></clipPath></defs><g id="twitter-social" clip-path="url(#clip-twitter-social)"><g id="Group_269" data-name="Group 269" transform="translate(-230.23 -1140.849)"><path id="Path_419" data-name="Path 419" 
d="M266.12,1148.861v1.035a23.092,23.092,0,0,1-1.507,8.1,24.08,24.08,0,0,1-4.475,7.381,22.175,22.175,0,0,1-7.306,5.4,24.129,24.129,0,0,1-10,2.07,23.7,23.7,0,0,1-6.667-.945,22.83,22.83,0,0,1-5.936-2.655q.959.091,1.963.09a16.518,16.518,0,0,0,5.434-.9,17.111,17.111,0,0,0,4.749-2.52,8.275,8.275,0,0,1-4.749-1.643,7.8,7.8,0,0,1-2.877-3.983,8.268,8.268,0,0,0,1.507.135,8.58,8.58,0,0,0,2.146-.27,8.16,8.16,0,0,1-5.685-4.344,8.326,8.326,0,0,1-.89-3.578v-.135a7.775,7.775,0,0,0,3.744,1.035,8.183,8.183,0,0,1-2.671-2.9,7.817,7.817,0,0,1-.982-3.848,7.948,7.948,0,0,1,1.1-4.05,23.53,23.53,0,0,0,16.895,8.46,9.221,9.221,0,0,1-.183-1.845,7.787,7.787,0,0,1,1.1-4.05,8.216,8.216,0,0,1,2.991-2.948,7.991,7.991,0,0,1,4.087-1.1,8.184,8.184,0,0,1,5.982,2.566,16.087,16.087,0,0,0,5.205-1.98,7.784,7.784,0,0,1-1.393,2.588,8.4,8.4,0,0,1-2.215,1.913,16.856,16.856,0,0,0,4.749-1.305A17.032,17.032,0,0,1,266.12,1148.861Z" fill="var(--footer-icons)"></path></g></g></svg></a></li><li class="social"><a href="https://github.com/btholt"><svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="32" height="32" viewBox="0 0 32 32"><defs><clipPath id="clip-github-social"><rect width="32" height="32"></rect></clipPath></defs><g id="github-social" clip-path="url(#clip-github-social)"><g id="Group_272" data-name="Group 272" transform="translate(13522.5 -6994)"><path id="Subtraction_33" data-name="Subtraction 33" 
d="M-24967.5,8041a15.9,15.9,0,0,1-11.312-4.688A15.893,15.893,0,0,1-24983.5,8025a15.893,15.893,0,0,1,4.689-11.315A15.894,15.894,0,0,1-24967.5,8009a15.894,15.894,0,0,1,11.313,4.686A15.893,15.893,0,0,1-24951.5,8025a15.893,15.893,0,0,1-4.689,11.313A15.9,15.9,0,0,1-24967.5,8041Zm-3.781-4.571h0v3.918h7.895v-6.665a1.836,1.836,0,0,0-1.2-1.718c5.1-.617,7.467-2.975,7.467-7.424a7.176,7.176,0,0,0-1.637-4.728,6.74,6.74,0,0,0,.275-1.812,4.34,4.34,0,0,0-.52-2.452.574.574,0,0,0-.359-.1c-1.061,0-3.465,1.411-3.936,1.694a16.644,16.644,0,0,0-4.2-.489,16.379,16.379,0,0,0-3.969.445c-.846-.5-2.91-1.649-3.859-1.649a.566.566,0,0,0-.354.095,4.3,4.3,0,0,0-.521,2.452,6.7,6.7,0,0,0,.244,1.718,7.346,7.346,0,0,0-1.6,4.822,7.263,7.263,0,0,0,1.533,4.985c1.193,1.359,3.115,2.165,5.871,2.464a1.826,1.826,0,0,0-1.129,1.693v.5h0l-.006,0a7.121,7.121,0,0,1-2.033.363,2.608,2.608,0,0,1-.965-.158,4.438,4.438,0,0,1-1.836-1.881,2.361,2.361,0,0,0-1.248-1.091,3.472,3.472,0,0,0-1.217-.3.584.584,0,0,0-.545.224.282.282,0,0,0,.027.367,1.875,1.875,0,0,0,.447.307,4.732,4.732,0,0,1,.561.355,10.726,10.726,0,0,1,1.682,2.755c.043.092.078.163.105.217a3.876,3.876,0,0,0,2.42,1.185,6.036,6.036,0,0,0,.607.025c.875,0,1.988-.124,2-.125Z" transform="translate(11461 -1015)" fill="var(--footer-icons)"></path><g id="Ellipse_670" data-name="Ellipse 670" transform="translate(-13522.5 6994)" fill="none" stroke="var(--footer-icons)" stroke-width="1"><circle cx="16" cy="16" r="16" stroke="none"></circle><circle cx="16" cy="16" r="15.5" fill="none"></circle></g></g></g></svg></a></li><li class="social"><a href="https://linkedin.com/in/btholt"><svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="32" height="32" viewBox="0 0 32 32"><defs><clipPath id="clip-linkedin-social"><rect width="32" height="32"></rect></clipPath></defs><g id="linkedin-social" clip-path="url(#clip-linkedin-social)"><g id="Group_270" data-name="Group 270" transform="translate(-86.349 -633.073)"><path id="Path_375" data-name="Path 
375" d="M115.789,633.073a2.324,2.324,0,0,1,1.682.676,2.194,2.194,0,0,1,.695,1.627V662.8a2.131,2.131,0,0,1-.695,1.609,2.314,2.314,0,0,1-1.646.659H88.69a2.307,2.307,0,0,1-1.646-.659,2.128,2.128,0,0,1-.695-1.609V635.376a2.19,2.19,0,0,1,.695-1.627,2.322,2.322,0,0,1,1.682-.676h27.063Zm-20.224,9.672a2.561,2.561,0,0,0,0-3.584,2.658,2.658,0,0,0-1.938-.712,2.724,2.724,0,0,0-1.957.712,2.371,2.371,0,0,0-.75,1.792,2.4,2.4,0,0,0,.731,1.792,2.605,2.605,0,0,0,1.9.713h.037A2.7,2.7,0,0,0,95.565,642.745ZM96,645.434H91.213V659.88H96Zm17.3,6.144a7.007,7.007,0,0,0-1.573-4.9,5.68,5.68,0,0,0-6.839-.769,5.663,5.663,0,0,0-1.426,1.573v-2.048H98.674q.036.841,0,7.717v6.728h4.791V651.8a3.592,3.592,0,0,1,.146-1.17,2.913,2.913,0,0,1,.878-1.206,2.429,2.429,0,0,1,1.609-.549,2.108,2.108,0,0,1,1.865.914,4.265,4.265,0,0,1,.549,2.341v7.752H113.3Z" fill="var(--footer-icons)"></path></g></g></svg></a></li><li class="social"><div class="terms"><p>Content Licensed Under CC-BY-NC-4.0</p><p>Code Samples and Excercises Licensed Under Apache 2.0</p><p>Site Designed by<!-- --> <a href="https://www.alexdanielson.com/">Alex Danielson</a></p></div></li></ul></footer></div><script async="" defer="" src="https://a.holt.courses/latest.js"></script><noscript><img src="https://a.holt.courses/noscript.gif" alt="" referrerPolicy="no-referrer-when-downgrade"/></noscript></div><script id="__NEXT_DATA__" type="application/json" crossorigin="">{"props":{"pageProps":{"statusCode":404}},"page":"/_error","query":{},"buildId":"wxdrEA4DV2NLhLIbasLLF","nextExport":true,"isFallback":false,"gip":true,"scriptLoader":[]}</script></body></html>
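Review bot: The footer script tag `<script async="" defer="" src="https://a.holt.courses/latest.js">` has no `integrity` attribute, and because the URL is a moving `latest` target it cannot be pinned with SRI as written. Consider referencing a versioned file with an `integrity` hash, or constraining script sources with a Content-Security-Policy, so that a change on that host cannot silently alter every page that includes it. Two smaller points in the same line: the `<link rel="icon" type="image/png" sizes="16x16" href="/images/favicon-16x16.png"/>` tag appears twice in `<head>`, and the footer text reads "Excercises" where "Exercises" is meant. As this is generated output from the deploy job, the fixes belong in the source templates rather than in this file.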
1 change: 1 addition & 0 deletions CNAME
@@ -0,0 +1 @@
containers-v2.holt.courses
1 change: 1 addition & 0 deletions _next/data/wxdrEA4DV2NLhLIbasLLF/index.json

Large diffs are not rendered by default.

@@ -0,0 +1 @@
{"pageProps":{"post":{"attributes":{"title":"chroot","description":"Learn how to use the Linux `chroot` command within containers to set a new root directory, isolating processes for enhanced security. Follow a step-by-step guide to create a new environment, copy necessary libraries, and successfully run commands within the isolated space.","keywords":["Linux chroot command","container security","isolating processes","copying libraries in chroot","Ubuntu Docker container","setting new root directory"]},"html":"<p>I&#39;ve heard people call this &quot;cha-root&quot; and &quot;change root&quot;. I&#39;m going to stick to &quot;change root&quot; because I feel less ridiculous saying that. It&#39;s a Linux command that allows you to set the root directory of a new process. In our container use case, we just set the root directory to be where-ever the new container&#39;s new root directory should be. And now the new container group of processes can&#39;t see anything outside of it, eliminating our security problem because the new process has no visibility outside of its new root.</p>\n<p>Let&#39;s try it. Start up a Ubuntu VM however you feel most comfortable. I&#39;ll be using Docker (and doing containers within containers 🤯). If you&#39;re like me, run <code>docker run -it --name docker-host --rm --privileged ubuntu:jammy</code>. This will download the <a href=\"https://hub.docker.com/_/ubuntu\">official Ubuntu container</a> from Docker Hub and grab the version marked with the <em>jammy</em> tag. In this case, <em>latest</em> means it&#39;s the latest stable release (22.04.) You could put <code>ubuntu:devel</code> to get the latest development of Ubuntu (as of writing that&#39;d be 24.04). 
<code>docker run</code> means we&#39;re going to run some commands in the container, and the <code>-it</code> means we want to make the shell interactive (so we can use it like a normal terminal.)</p>\n<p>If you&#39;re in Windows and using WSL, just open a new WSL terminal in Ubuntu. ✌️</p>\n<p>To see what version of Ubuntu you&#39;re using, run <code>cat /etc/issue</code>. <code>cat</code> reads a file and dumps it into the output which means we can read it, and <code>/etc/issue</code> is a file that will tell us what distro we&#39;re using. Mine says <code>Ubuntu 22.04.4 LTS \\n \\l</code>.</p>\n<p>Okay, so let&#39;s attempt to use <code>chroot</code> right now.</p>\n<ol>\n<li>Make a new folder in your root directory via <code>mkdir /my-new-root</code>.</li>\n<li>Inside that new folder, run <code>echo &quot;my super secret thing&quot; &gt;&gt; /my-new-root/secret.txt</code>.</li>\n<li>Now try to run <code>chroot /my-new-root bash</code> and see the error it gives you.</li>\n</ol>\n<p>You should see something about failing to run a shell or not being able to find bash. That&#39;s because bash is a program and your new root wouldn&#39;t have bash to run (because it can&#39;t reach outside of its new root.) So let&#39;s fix that! Run:</p>\n<ol>\n<li><code>mkdir /my-new-root/bin</code></li>\n<li><code>cp /bin/bash /bin/ls /my-new-root/bin/</code></li>\n<li><code>chroot /my-new-root bash</code></li>\n</ol>\n<p>Still not working! The problem is that these commands rely on libraries to power them and we didn&#39;t bring those with us. So let&#39;s do that too. Run <code>ldd /bin/bash</code>. 
This print out something like this:</p>\n<pre><code class=\"hljs language-bash\">$ ldd /bin/bash\n linux-vdso.so.1 (0x0000ffffbe221000)\n libtinfo.so.6 =&gt; /lib/aarch64-linux-gnu/libtinfo.so.6 (0x0000ffffbe020000)\n libc.so.6 =&gt; /lib/aarch64-linux-gnu/libc.so.6 (0x0000ffffbde70000)\n /lib/ld-linux-aarch64.so.1 (0x0000ffffbe1e8000)\n</code></pre><p>These are the libraries we need for bash. Let&#39;s go ahead and copy those into our new environment.</p>\n<ol>\n<li><code>mkdir /my-new-root/lib</code></li>\n<li>Then we need to copy all those paths (ignore the lines that don&#39;t have paths) into our directory. Make sure you get the right files in the right directory. In my case above (yours likely will be different) it&#39;s:<ol>\n<li><code>cp /lib/aarch64-linux-gnu/libtinfo.so.6 /lib/aarch64-linux-gnu/libc.so.6 /lib/ld-linux-aarch64.so.1 /my-new-root/lib</code></li>\n</ol>\n</li>\n<li>Do it again for <code>ls</code>. Run <code>ldd /bin/ls</code></li>\n<li>Follow the same process to copy the libraries for <code>ls</code> into our <code>my-new-root</code>.<ol>\n<li><code>cp /lib/aarch64-linux-gnu/libselinux.so.1 /lib/aarch64-linux-gnu/libc.so.6 /lib/ld-linux-aarch64.so.1 /lib/aarch64-linux-gnu/libpcre2-8.so.0 /my-new-root/lib</code></li>\n</ol>\n</li>\n</ol>\n<p>Now, finally, run <code>chroot /my-new-root bash</code> and run <code>ls</code>. You should successfully see everything in the directory. Now try <code>pwd</code> to see your working directory. You should see <code>/</code>. You can&#39;t get out of here! This, before being called containers, was called a jail for this reason. At any time, hit CTRL+D or run <code>exit</code> to get out of your chrooted environment.</p>\n<h2>cat exercise</h2>\n<p>Now try running <code>cat secret.txt</code>. Oh no! Your new chroot-ed environment doesn&#39;t know how to cat! 
As an exercise, go make <code>cat</code> work the same way we did above!</p>\n<p>Congrats you just cha-rooted the **** out of your first environment!</p>\n","markdown":"\nI've heard people call this \"cha-root\" and \"change root\". I'm going to stick to \"change root\" because I feel less ridiculous saying that. It's a Linux command that allows you to set the root directory of a new process. In our container use case, we just set the root directory to be where-ever the new container's new root directory should be. And now the new container group of processes can't see anything outside of it, eliminating our security problem because the new process has no visibility outside of its new root.\n\nLet's try it. Start up a Ubuntu VM however you feel most comfortable. I'll be using Docker (and doing containers within containers 🤯). If you're like me, run `docker run -it --name docker-host --rm --privileged ubuntu:jammy`. This will download the [official Ubuntu container][ubuntu] from Docker Hub and grab the version marked with the _jammy_ tag. In this case, _latest_ means it's the latest stable release (22.04.) You could put `ubuntu:devel` to get the latest development of Ubuntu (as of writing that'd be 24.04). `docker run` means we're going to run some commands in the container, and the `-it` means we want to make the shell interactive (so we can use it like a normal terminal.)\n\nIf you're in Windows and using WSL, just open a new WSL terminal in Ubuntu. ✌️\n\nTo see what version of Ubuntu you're using, run `cat /etc/issue`. `cat` reads a file and dumps it into the output which means we can read it, and `/etc/issue` is a file that will tell us what distro we're using. Mine says `Ubuntu 22.04.4 LTS \\n \\l`.\n\nOkay, so let's attempt to use `chroot` right now.\n\n1. Make a new folder in your root directory via `mkdir /my-new-root`.\n1. Inside that new folder, run `echo \"my super secret thing\" >> /my-new-root/secret.txt`.\n1. 
Now try to run `chroot /my-new-root bash` and see the error it gives you.\n\nYou should see something about failing to run a shell or not being able to find bash. That's because bash is a program and your new root wouldn't have bash to run (because it can't reach outside of its new root.) So let's fix that! Run:\n\n1. `mkdir /my-new-root/bin`\n1. `cp /bin/bash /bin/ls /my-new-root/bin/`\n1. `chroot /my-new-root bash`\n\nStill not working! The problem is that these commands rely on libraries to power them and we didn't bring those with us. So let's do that too. Run `ldd /bin/bash`. This print out something like this:\n\n```bash\n$ ldd /bin/bash\n\tlinux-vdso.so.1 (0x0000ffffbe221000)\n\tlibtinfo.so.6 => /lib/aarch64-linux-gnu/libtinfo.so.6 (0x0000ffffbe020000)\n\tlibc.so.6 => /lib/aarch64-linux-gnu/libc.so.6 (0x0000ffffbde70000)\n\t/lib/ld-linux-aarch64.so.1 (0x0000ffffbe1e8000)\n```\n\nThese are the libraries we need for bash. Let's go ahead and copy those into our new environment.\n\n1. `mkdir /my-new-root/lib`\n1. Then we need to copy all those paths (ignore the lines that don't have paths) into our directory. Make sure you get the right files in the right directory. In my case above (yours likely will be different) it's:\n 1. `cp /lib/aarch64-linux-gnu/libtinfo.so.6 /lib/aarch64-linux-gnu/libc.so.6 /lib/ld-linux-aarch64.so.1 /my-new-root/lib`\n1. Do it again for `ls`. Run `ldd /bin/ls`\n1. Follow the same process to copy the libraries for `ls` into our `my-new-root`.\n 1. `cp /lib/aarch64-linux-gnu/libselinux.so.1 /lib/aarch64-linux-gnu/libc.so.6 /lib/ld-linux-aarch64.so.1 /lib/aarch64-linux-gnu/libpcre2-8.so.0 /my-new-root/lib`\n\nNow, finally, run `chroot /my-new-root bash` and run `ls`. You should successfully see everything in the directory. Now try `pwd` to see your working directory. You should see `/`. You can't get out of here! This, before being called containers, was called a jail for this reason. 
At any time, hit CTRL+D or run `exit` to get out of your chrooted environment.\n\n## cat exercise\n\nNow try running `cat secret.txt`. Oh no! Your new chroot-ed environment doesn't know how to cat! As an exercise, go make `cat` work the same way we did above!\n\nCongrats you just cha-rooted the \\*\\*\\*\\* out of your first environment!\n\n[ubuntu]: https://hub.docker.com/_/ubuntu\n","slug":"chroot","title":"chroot","section":"Crafting Containers by Hand","icon":"hand-holding-heart","filePath":"/home/runner/work/complete-intro-to-containers-v2/complete-intro-to-containers-v2/lessons/02-crafting-containers-by-hand/B-chroot.md","nextSlug":"/lessons/crafting-containers-by-hand/namespaces","prevSlug":"/lessons/crafting-containers-by-hand/what-are-containers"}},"__N_SSG":true}
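Review bot: The lesson text overstates what `chroot` provides. The opening paragraph says it is "eliminating our security problem" and the closing paragraph says "You can't get out of here!", yet the walkthrough runs as root inside a container started with `--privileged`, and `chroot` only changes the root used for path resolution; it does not isolate processes, network or privileges. Suggest softening both sentences to say that the new root hides the rest of the filesystem, and pointing to the next lesson (`nextSlug` is `namespaces`) for the remaining isolation. Also, in the second paragraph the command pulls `ubuntu:jammy` while the explanation says "_latest_ means it's the latest stable release", so the tag named in the prose should match the command. Finally, the published `filePath` value exposes the CI runner's absolute path (it begins `/home/runner/work/`); emitting a repo-relative path from the build would avoid that.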