Stage 0: interacts with runc create and sets up uid_map

We’re in the parent. Our job is just to create a new child (stage 1: JUMP_CHILD) process and write its uid_map and gid_map.
That process (stage 1: JUMP_CHILD) will go on to create a new process, then it will send us its PID which we will send to the bootstrap process.

Stage 1: join the new namespaces

We’re in the first child process. Our job is to join any provided namespaces in the netlink payload and unshare all of the requested namespaces. If we’ve been asked to CLONE_NEWUSER, we will ask our parent (stage 0) to set up our user mappings for us.

First, join_namespaces runs: it joins the existing namespaces.
Then unshare runs: it creates the new namespaces.

Then, we create a new child (stage 2: JUMP_INIT) for PID namespace. We then send the child’s PID to our parent (stage 0).

We must fork a new process in order to enter the PID namespace: unshare(CLONE_NEWPID) does not move the calling process, only the children it creates afterwards.

Stage 2: finish cleanup and start the Go runtime

We’re the final child process, and the only process that will actually return to the Go runtime. Our job is to just do the final cleanup steps and then return to the Go runtime to allow init_linux.go to run.
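
The three stages above, reduced to a runnable sketch. This is an added example, not runc's nsexec.c: the message tags, struct names and `run_stages` are hypothetical, only uid_map is written (gid_map is omitted), and stage 1 continues without isolation if the kernel refuses the unshare.

```c
#define _GNU_SOURCE
#include <sched.h>
#include <stdio.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>
enum { MAP_PLS = 1, MAP_ACK, CHILD_PID, INIT_VIEW }; /* hypothetical tags, not runc's */
struct msg { int tag, val; };
struct view { int outer_pid, inner_pid, mapped; };
static void put(int fd, int tag, int val) {
    struct msg m = { tag, val };
    if (write(fd, &m, sizeof m) != sizeof m) _exit(1);
}
/* Stage 0 runs in the caller and returns what stages 1 and 2 reported. */
struct view run_stages(void) {
    struct view v = { -1, -1, 0 };
    int sp[2]; struct msg m;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sp) < 0) return v;
    pid_t s1 = fork();
    if (s1 < 0) return v;
    if (s1 == 0) {                             /* stage 1 */
        close(sp[0]);
        if (unshare(CLONE_NEWUSER | CLONE_NEWPID) == 0) {
            put(sp[1], MAP_PLS, 0);            /* ask stage 0 to write our uid_map */
            if (read(sp[1], &m, sizeof m) != sizeof m) _exit(1);
        }                                      /* if denied, carry on unisolated */
        pid_t s2 = fork();                     /* only this child enters the new pidns */
        if (s2 == 0) { put(sp[1], INIT_VIEW, getpid()); _exit(0); } /* stage 2 */
        put(sp[1], CHILD_PID, s2);             /* stage 2's PID in the old pidns */
        waitpid(s2, NULL, 0); _exit(0);
    }
    close(sp[1]);                              /* stage 0 */
    while (read(sp[0], &m, sizeof m) == sizeof m) {
        if (m.tag == MAP_PLS) {
            char path[64];
            snprintf(path, sizeof path, "/proc/%d/uid_map", (int)s1);
            FILE *f = fopen(path, "w");
            if (f) { fprintf(f, "0 %d 1", (int)geteuid()); v.mapped = (fclose(f) == 0); }
            put(sp[0], MAP_ACK, 0);
        } else if (m.tag == CHILD_PID) v.outer_pid = m.val;
        else if (m.tag == INIT_VIEW) v.inner_pid = m.val;
    }
    close(sp[0]); waitpid(s1, NULL, 0);
    return v;
}
int main(void) {
    struct view v = run_stages();
    printf("outer=%d inner=%d uid_map_written=%d\n", v.outer_pid, v.inner_pid, v.mapped);
    return v.outer_pid > 0 ? 0 : 1;
}
```

When the unshare succeeds, stage 2 reports PID 1 from inside the new PID namespace while stage 1 reports a different PID for the same process, which is why the PID has to be relayed upward by stage 1.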