You can get a sort of "reader's digest" version of this by having a look at "bocker". It's about 120 lines of bash that implements the important bits of docker using nsenter, btrfs, cgcreate, etc.
If you were looking to create testing for networking, i.e., simulating network dropouts for a client-server connections, is this something that you can use namespaces for, or would virtual machines be more fit for purpose?
While I am too familiar with it to suggest effort required, looking at the Openstack project and how they provision tenant networks may help.
It is just python with a three tier model with a message bus. But how they interface with libvirt may help if the namespace abstraction support for the 'ip' command is too clunky for you.
It doesn't give you independent stacks and openvswitch will let you build almost anything you would need.
Ok interesting I'll take a look. I was looking at libvirt, specifically how red hat was doing testing for its container ecosystem to see if there wasn't some juice to squeeze out of how they are managing it.
The userspace stuff of the Linux kernel doesn’t change all that much, and iproute2 (the ip command) has been around for a while. The only difference is that it’s a little easier to write Go programs now, and you don’t need to mess around with $GOPATH.
https://www.polarsparc.com/xhtml/Containers-2.html