Created
August 20, 2015 07:28
-
-
Save Jc2k/22ce6a32a87cf400a10e to your computer and use it in GitHub Desktop.
Looks like i started trying to make my own docker - Feb 2012
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| """ | |
| This demo expects the following directory structure: | |
| /bundle/ - empty directory | |
| /library/ | |
| /app1/ | |
| RANDOM FILES | |
| /app2/ | |
| RANDOM FILES | |
| /empty/ | |
| When spawner is run as root it will: | |
| * make a new mount namespace | |
| * bind mount /library/app1 to /bundle | |
| * bind mount /library/empty over /library making it look like an empty folder | |
| * drop you into a root shell | |
| You should compare an ls of these directories both inside and outside the provided shell and observe the differences. | |
| """ | |
| import os, sys | |
| from ctypes import CDLL, c_char_p, c_ulong, c_void_p, c_int | |
| MS_BIND = 4096 | |
| CLONE_NEWNS = 0x00020000 | |
| CLONE_NEWUTS = 0x04000000 | |
| CLONE_NEWIPC = 0x08000000 | |
| CLONE_NEWUSER = 0x10000000 | |
| CLONE_NEWPID = 0x20000000 | |
| CLONE_NEWNET = 0x40000000 | |
| libc = CDLL("libc.so.6") | |
| mount = libc.mount | |
| mount.argtypes = [c_char_p, c_char_p, c_char_p, c_void_p] | |
| mount.restypes = c_int | |
| unshare = libc.unshare | |
| unshare.argtypes = [c_int] | |
| unshare.restype = c_int | |
| rv = unshare(CLONE_NEWNS) | |
| if rv != 0: | |
| print "FAIL", rv | |
| sys.exit(1) | |
| rv = mount("/library/app1", "/bundle", None, MS_BIND, None) | |
| if rv != 0: | |
| print "COULD NOT MOUNT", rv | |
| sys.exit(1) | |
| rv = mount("/library/empty", "/library", None, MS_BIND, None) | |
| if rv != 0: | |
| print "COULD NOT HIDE", rv | |
| sys.exit(1) | |
| import os | |
| os.execvp("/bin/bash", ["/bin/bash"]) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment