curl -sSL -o clone.c goo.gl/G45N5X  # on host
Sep 21 15:10:47 pr-builder-11 kernel: [ 6071.023170] BUG: unable to handle kernel NULL pointer dereference at 0000000000000016
Sep 21 15:10:47 pr-builder-11 kernel: [ 6071.023273] IP: [<ffffffff81217490>] __detach_mounts+0x40/0x90
Sep 21 15:10:47 pr-builder-11 kernel: [ 6071.023365] PGD 2cd17b067 PUD 40bd44067 PMD 0
Sep 21 15:10:47 pr-builder-11 kernel: [ 6071.023425] Oops: 0000 [#1] SMP
Sep 21 15:10:47 pr-builder-11 kernel: [ 6071.023468] Modules linked in: dummy xt_nat xt_tcpudp dm_thin_pool dm_persistent_data dm_bio_prison dm_bufio libcrc32c veth xt_conntrack ipt_MASQUERADE nf_nat_masquerade_ipv4 iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 xt_addrtype iptable_filter ip_tables x_tables br_netfilter nf_nat nf_conntrack bridge stp llc overlay iosf_mbi ppdev kvm_intel kvm cirrus crct10dif_pclmul crc32_pclmul ttm ghash_clmulni_intel drm_kms_helper aesni_intel aes_x86_64 lrw drm gf128mul glue_helper ablk_helper cryptd syscopyarea serio_raw sysfillrect sysimgblt i2c_piix4 parport_pc pvpanic 8250_fi
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <sched.h>
#include <sys/wait.h>
#include <errno.h>
#define STACKSIZE (1024*1024)
/* stack used by the child created with clone() */
static char child_stack[STACKSIZE];
Makefile
.git
.gitignore
FROM debian:jessie
RUN apt-get update && apt-get install -y \
    ca-certificates \
    curl \
    e2fsprogs \
    init-system-helpers \
    iptables \
    libapparmor1 \
    libltdl7 \
Setup:
# set CONTRIBUTORS file as the mailmap to remove duplicate emails for the same name
# see: https://git-scm.com/docs/git-shortlog#_mapping_authors
$ git config mailmap.file CONTRIBUTORS
Top 10 contributors (all):
This is a play proposal for a new wrapper around go build that would build your binary but
wrap it in code that prepares isolation around your binary at run time.
A concept of this is in https://github.com/jfrazelle/binctr, in that it takes a docker image and embeds the contents into a final binary so you have a self-contained binary.
The binctr example is unnecessarily heavy for go binaries because all you need is a completely static
binary.
I hereby claim:
To claim this, I am signing this object:
server {
    ....
    location ~ ^/x/(.*) {
        if ($args = "go-get=1") {
            add_header Content-Type text/html;
            return 200 '<meta name="go-import" content="$host/x/$1 git https://github.com/jessfraz/$1.git">';
        }
        return 302 https://github.com/jessfraz/$1;
    }
(originally from my proposal on moby/moby#17142 (comment) but generic)
The profile would generate artifacts of an apparmor profile and seccomp filters.
Obviously doesn't have to be toml since that's super hipster :p
Assumptions
aa-genprof it is never