Create a container with Golang on MacOS - syscall.CLONE_NEWUTS not working

Question

Learning how to implement containers on Golang, using MacOS Terminal, I'm trying to implement the following code as promoted on Docker:

unc main() {
    switch os.Args[1] {
    case "run":
        run()
    default:
        panic("Bad Command")
    }
}

func run() {
    fmt.Printf("Running %v \n", os.Args[2:])
    cmd := exec.Command(os.Args[2], os.Args[3:]...)
    cmd.Stdin = os.Stdin
    cmd.Stdout = os.Stdout
    cmd.Stderr = os.Stderr
    cmd.SysProcAttr = &syscall.SysProcAttr{
        Cloneflags: syscall.CLONE_NEWUTS,
    }
    cmd.Run()
}

However it seems that syscall.CLONE_NEWUTS works only with Linux. How could I implement this on Mac ?

Answer 1

thanks for @guites answer it worked with me. but adding the extra flag may be an unneeded workaround.

to solve this without adding the CLONE_NEWUSER flag you need to run your script as root. but buy default go executable run as non-root so you will need to build your script first and then run it with sudo.

go build main.go
sudo ./main

That what worked for me.

Answer 2

I don't have a macos at hand, but if you're running into a similar problem on linx (ubuntu), first check if you are running your go run . as root.

If you are not, you will need an extra flag (syscall.CLONE_NEWUSER) passed into SysProcAttr:

func run() {
  fmt.Printf("Running %v \n", os.Args[2:])
  cmd := exec.Command(os.Args[2], os.Args[3:]...)
  cmd.Stdin = os.Stdin
  cmd.Stdout = os.Stdout
  cmd.Stderr = os.Stderr
  cmd.SysProcAttr = &syscall.SysProcAttr{
    Cloneflags: syscall.CLONE_NEWUTS | syscall.CLONE_NEWUSER,
}
cmd.Run()

What I think happens here is that without the syscall.NEWUSER flag, you will try to clone the current process as root, which you do not have permission to do so.

By the way OPs snippet is taken from https://www.youtube.com/watch?v=8fi7uSYlOdc (in which all commands are run as the root user).