- # please run: mkdir /tmp/img ; docker export $(docker create centos) | tar -C /tmp/img/ -xvf -
- # before this script
- import os
- import ctypes
- from multiprocessing import Process
# Namespace selectors for unshare(2). Each one is a single bit, written here
# as a shift with the hexadecimal value alongside.
CLONE_NEWNS = 1 << 17    # 0x00020000, mount namespace
CLONE_NEWUSER = 1 << 28  # 0x10000000, user namespace
CLONE_NEWPID = 1 << 29   # 0x20000000, PID namespace
CLONE_NEWNET = 1 << 30   # 0x40000000, network namespace

# Flags for mount(2), also one bit each.
MS_NOSUID = 1 << 1    # 0x2
MS_NODEV = 1 << 2     # 0x4
MS_NOEXEC = 1 << 3    # 0x8
MS_BIND = 1 << 12     # 4096
MS_REC = 1 << 14      # 0x4000
MS_PRIVATE = 1 << 18  # 0x40000
MS_SLAVE = 1 << 19    # 0x80000

# CDLL(None) gives access to the symbols already loaded into this process,
# which is how the libc entry points below are reached.
libc = ctypes.CDLL(None)

# errno is read through __errno_location(), which returns an int pointer.
# NOTE(review): ctypes does not promise that errno survives between the foreign
# call and this read. ctypes.CDLL(None, use_errno=True) with ctypes.get_errno()
# is the supported route, but every user of get_errno_loc must switch with it.
get_errno_loc = libc.__errno_location
get_errno_loc.restype = ctypes.POINTER(ctypes.c_int)
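def unshare(flags):
    """Detach the calling process from the namespaces named in *flags*.

    Thin wrapper around unshare(2) as exported by libc.

    Args:
        flags: CLONE_NEW* bits, OR-ed together.

    Raises:
        OSError: libc returned -1. The exception carries the errno value, so
            a caller can tell EPERM (for example, user namespaces disabled)
            from EINVAL instead of parsing a message string.
    """
    if libc.unshare(flags) == -1:
        # Read errno immediately, before any other call can overwrite it.
        err = get_errno_loc()[0]
        raise OSError(err, os.strerror(err))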
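def mount(special_file, target, fs_type, flags, data):
    """Call mount(2) through libc.

    Args:
        special_file: Source device, directory or pseudo name (e.g. 'none').
        target: Mount point.
        fs_type: Filesystem type, or None where mount(2) ignores it.
        flags: MS_* bits, OR-ed together.
        data: Filesystem-specific option string, or None.

    Raises:
        OSError: libc returned -1; carries the errno value and its message.
    """
    def _c_str(value):
        # ctypes hands a Python 3 ``str`` to C as wchar_t*, so the kernel
        # would read a one-character path. Pass bytes so it sees a char*.
        if value is None or isinstance(value, bytes):
            return value
        return os.fsencode(value)

    rc = libc.mount(_c_str(special_file),
                    _c_str(target),
                    _c_str(fs_type),
                    flags,
                    _c_str(data))
    if rc == -1:
        # Read errno immediately, before any other call can overwrite it.
        err = get_errno_loc()[0]
        raise OSError(err, os.strerror(err))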
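def unshare_user():
    """Enter a new user namespace and map the caller to uid 0 inside it.

    The uid is printed before and after so the effect of the mapping is
    visible on stdout.

    Raises:
        Exception: propagated from unshare() when the namespace cannot be
            created.
        OSError: the write to /proc/self/uid_map was rejected.
    """
    # An unprivileged process may map only its own effective uid, so take it
    # from the process rather than assuming 1000. It has to be read before
    # the unshare: afterwards the process is unmapped until uid_map is written.
    outer_uid = os.geteuid()
    print("I'm %s" % os.getuid())
    unshare(CLONE_NEWUSER)
    with open('/proc/self/uid_map', 'w') as file_:
        file_.write('0 %d 1' % outer_uid)
    # NOTE(review): gid_map is never written, so group ids stay unmapped in
    # the new namespace. Mapping the gid without privilege also requires
    # writing "deny" to /proc/self/setgroups first.
    print("I'm %s" % os.getuid())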
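def containerize():
    """Set up the namespaces and start cmd() in a child process.

    The user namespace is created first; the network, PID and mount
    namespaces are then unshared inside it.
    """
    unshare_user()
    # Combine flags with |, not ^. XOR gives the same value only while every
    # flag is a distinct bit, and it silently clears a flag listed twice.
    unshare(CLONE_NEWNET | CLONE_NEWPID | CLONE_NEWNS)
    # A new PID namespace applies to children created after the unshare, not
    # to the caller, so cmd() runs in a child process.
    process = Process(target=cmd)
    process.start()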
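def cmd():
    """Switch the root filesystem to /tmp/img and replace this process with bash.

    Steps: make the mount tree private, bind-mount the image onto itself,
    pivot_root into it with the old root parked at /host, mount /proc, then
    exec /bin/bash with an environment that contains only PATH.

    Raises:
        Exception: propagated from mount() / pivot_root() on failure.
        OSError: from os.makedirs, os.chdir or os.execve.
    """
    # NOTE(review): /tmp is world-writable and this path is fixed, so whoever
    # creates /tmp/img first decides which /bin/bash is executed below. An
    # image directory owned by the invoking user, outside /tmp, avoids that.
    root = '/tmp/img'
    host = os.path.join(root, 'host')
    if not os.path.exists(host):
        os.makedirs(host)
    # Make every mount private so changes made here do not propagate back
    # to the parent mount namespace.
    mount('none', '/', None, MS_REC | MS_PRIVATE, None)
    # pivot_root(2) needs new_root to be a mount point; a recursive bind
    # mount of the image onto itself provides one.
    mount(root, root, None, MS_REC | MS_BIND, None)
    os.chdir(root)
    pivot_root('.', 'host')
    # NOTE(review): the previous root stays mounted at /host, so the shell
    # still reaches the host filesystem, limited by the permissions of the
    # user who started the script. If isolation is the goal, detach it
    # (umount2 with MNT_DETACH) before the exec.
    mount_proc()
    # os.execve rejects a None value, so fall back to os.defpath when PATH
    # is not set in the parent environment.
    os.execve('/bin/bash', ['/bin/bash'],
              {'PATH': os.environ.get('PATH', os.defpath)})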
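def mount_proc():
    """Mount a fresh procfs at /proc, creating the directory if it is missing.

    The mount is made nodev, noexec and nosuid.

    Raises:
        Exception: propagated from mount() on failure.
    """
    if not os.path.exists('/proc'):
        os.makedirs('/proc')
    # Combine flags with |, not ^. XOR matches OR only while every flag is a
    # distinct bit.
    mount('proc', '/proc', 'proc',
          MS_NODEV | MS_NOEXEC | MS_NOSUID, None)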
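def pivot_root(new, old):
    """Call pivot_root(2) through libc.

    Args:
        new: Path that becomes the new root filesystem.
        old: Path where the previous root is put.

    Raises:
        OSError: libc returned -1; carries the errno value and its message.
    """
    def _c_str(value):
        # ctypes hands a Python 3 ``str`` to C as wchar_t*, so the kernel
        # would read a one-character path. Pass bytes so it sees a char*.
        return value if isinstance(value, bytes) else os.fsencode(value)

    if libc.pivot_root(_c_str(new), _c_str(old)) == -1:
        # Read errno immediately, before any other call can overwrite it.
        err = get_errno_loc()[0]
        raise OSError(err, os.strerror(err))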
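# Run only when executed as a script. multiprocessing start methods that
# re-import the main module in the child would otherwise call containerize()
# again from inside the child.
if __name__ == '__main__':
    containerize()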