chroot

Traditional sandbox first appeared in Unix in 1979, BSD shortly afterwards.

changes the meaning of "/" for a process (and its children). chroot("/tmp/jail")will disallow processes from getting out of the jail. And used to be the de-facto sandboxing utility


mkdir new-root/lib -p
mkdir new-root/lib64 -p
mkdir new-root/bin -p
cp /bin/bash new-root/bin/
ldd /bin/bash
cp /lib/x86_64-linux-gnu/libtinfo.so.5 new-root/lib/
cp /lib/x86_64-linux-gnu/libdl.so.2 new-root/lib/
cp /lib/x86_64-linux-gnu/libc.so.6 new-root/lib/
cp /lib64/ld-linux-x86-64.so.2 new-root/lib64/
chroot new-root /bin/bash

root 밖으로 벗어날 수 없음 일반적으로

하지만 escape_chroot.c 같은 파일로 탈옥가능

탈옥했다는 거는 real root를 취득했다는 말

chroot pitfalls: previously open resources

Neither of the effects of chroot() do anything to previously-open resources.

docker image chroot


cd /tmp
mkdir nginx-root
docker export $(docker create nginx) | tar -C nginx-root -xvf -
chroot nginx-root /bin/sh
ls

Google Cloud metrics | Cloud Monitoring

"type": "thumb-down", "id": "hardToUnderstand", "label":"Hard to understand" },{ "type": "thumb-down", "id": "incorrectInformationOrSampleCode", "label":"Incorrect information or sample code" },{ "type": "thumb-down", "id": "missingTheInformationSamplesINeed", "label":"Missing the information/samples I need" },{ "type": "thumb-down", "id": "otherDown", "label":"Other" }] [{ "type": "thumb-up", "id": "easyToUnderstand", "label":"Easy to understand" },{ "type": "thumb-up", "id": "solvedMyProblem", "label":"Solved my problem" },{ "type": "thumb-up", "id": "otherUp", "label":"Other" }] Cloud Monitoring supports the metric types from Google Cloud services listed on this page.

http://cloud.google.com/monitoring/api/metrics_gcp#gcp-run

chroot

chroot pitfalls: previously open resources

docker image chroot

Backlinks

Recommendations