Seonglae Cho Traditional sandbox first appeared in Unix in 1979, BSD shortly afterwards.
changes the meaning of "/" for a process (and its children). chroot("/tmp/jail")will disallow processes from getting out of the jail. And used to be the de-facto sandboxing utility
mkdir new-root/lib -p mkdir new-root/lib64 -p mkdir new-root/bin -p cp /bin/bash new-root/bin/ ldd /bin/bash cp /lib/x86_64-linux-gnu/libtinfo.so.5 new-root/lib/ cp /lib/x86_64-linux-gnu/libdl.so.2 new-root/lib/ cp /lib/x86_64-linux-gnu/libc.so.6 new-root/lib/ cp /lib64/ld-linux-x86-64.so.2 new-root/lib64/ chroot new-root /bin/bash
root 밖으로 벗어날 수 없음 일반적으로
하지만
escape_chroot.c 같은 파일로 탈옥가능탈옥했다는 거는 real root를 취득했다는 말
chroot pitfalls: previously open resources
Neither of the effects of chroot() do anything to previously-open resources.
docker image chroot
cd /tmp mkdir nginx-root docker export $(docker create nginx) | tar -C nginx-root -xvf - chroot nginx-root /bin/sh ls
Google Cloud metrics | Cloud Monitoring
"type": "thumb-down", "id": "hardToUnderstand", "label":"Hard to understand" },{ "type": "thumb-down", "id": "incorrectInformationOrSampleCode", "label":"Incorrect information or sample code" },{ "type": "thumb-down", "id": "missingTheInformationSamplesINeed", "label":"Missing the information/samples I need" },{ "type": "thumb-down", "id": "otherDown", "label":"Other" }] [{ "type": "thumb-up", "id": "easyToUnderstand", "label":"Easy to understand" },{ "type": "thumb-up", "id": "solvedMyProblem", "label":"Solved my problem" },{ "type": "thumb-up", "id": "otherUp", "label":"Other" }] Cloud Monitoring supports the metric types from Google Cloud services listed on this page.
http://cloud.google.com/monitoring/api/metrics_gcp#gcp-run
