This makes it possible to simply wrap a command inside a container. This makes
it easier to use a container as an unified build environment.
Examples:
~/workspace/docker
$ docker run -v `pwd`:`pwd` -w `pwd` -i -t ubuntu ls
AUTHORS Makefile archive.go changes.go docker
[...]
docker run -v `pwd`:`pwd` -w `pwd` -i -t ubuntu pwd
/home/marco/workspace/docker
ip from iproute2 replaces the legacy route tool which is often not
installed by default on recent Linux distributions.
The same patch has been done in network.go and is re-used here.
- Before starting the container, docker injects itself inside the container by mount binding the dockerd binary into /sbin/init
- Instead of running the user process directly inside the container, we run /sbin/init targetprocess [args...]
- When docker is run as /sbin/init (e.g. argv[0] == "/sbin/init"), then its own sys init code kicks in
- The sys init code will be responsible for setting up the process environment prior to its execution (setuid, networking, ...).
- Finally, docker's sys init will exec() the container's process, thus replacing itself with the target binary (which will be running as pid 1)
