Process.Init = true for the first process

[tmahesh]

I had to read the source code to debug why the process i start via container.Start() was not contained into the configured name spaces.

Is it expected that the first Process launched in the container have Init set to true?
If so, i can raise a PR on README.md to save others from having to read nsenter.c ;)

[cyphar]

Probably, yes (and feel free to send a PR).

However, we really don't recommend using libcontainer directly to actually start containers -- there are a lot of weird behaviours we have due to historical baggage (like using a modified version of os.Process). runc is actually (in theory) OCI-compliant and thus doesn't depend on the super messy internal libcontainer/config.Config awfulness.

[tmahesh]

pull req: 1958

@cyphar at hackerrank we execute user submitted code.
We are upgrading our platform to use namespaces, cgroups features of the kernel for isolation and use oci image spec to scale for ~40 odd language runtimes we support.

runc is a cli app and we prefer a project with language bindings to create the containerised language runtimes. Can you point to other projects with libcontainer kind of api we should explore?

thx for all ur work on rootless containers, btw. It was a pleasure to read ur code.