Linux kernel namespace: erinevus redaktsioonide vahel

Sissejuhatus

TODO

Misc

kasutaja@ph-minio-01:~$ unshare --user --net --map-root-user /bin/bash

root@ph-minio-01:~# ip addr
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

root@ph-minio-01:~# ip addr add 127.0.0.1 dev lo
root@ph-minio-01:~# ip link set up dev lo

root@ph-minio-01:~# ping -c 2 127.0.0.1
PING 127.0.0.1 (127.0.0.1) 56(84) bytes of data.
64 bytes from 127.0.0.1: icmp_seq=1 ttl=64 time=0.016 ms
64 bytes from 127.0.0.1: icmp_seq=2 ttl=64 time=0.020 ms

--- 127.0.0.1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1023ms
rtt min/avg/max/mdev = 0.016/0.018/0.020/0.002 ms

ning

root@ph-minio-01:~# lsns -n | grep kasutaja
4026532406 user       1  5124 kasutaja         /bin/bash
4026532407 net        1  5124 kasutaja         /bin/bash

root@ph-minio-01:~# lsns 4026532406
  PID  PPID USER     COMMAND
 5124  4954 kasutaja /bin/bash

root@ph-minio-01:~# lsns 4026532407
  PID  PPID USER     COMMAND
 5124  4954 kasutaja /bin/bash

Piiratud keskkonna moodustamine

kasutaja@ph-minio-01:~$ unshare --user --net --pid --map-root-user --mount --fork /bin/bash

root@ph-minio-01:~# mount --make-rprivate /

root@ph-minio-01:~# mount -t proc proc /proc

root@ph-minio-01:~# mount -t sysfs sysfs /sys

root@ph-minio-01:~# mkdir /tmp/empty

root@ph-minio-01:~# mount --bind /tmp/empty /sys/bus/pci

Tulemusena

root@ph-minio-01:~# lspci
lspci: Cannot open /sys/bus/pci/devices

root@ph-minio-01:~# /usr/sbin/driverctl list-devices
driverctl: No overridable devices found. Kernel too old?

root@ph-minio-01:~# dmesg
dmesg: read kernel buffer failed: Operation not permitted

root@ph-minio-01:~# netstat -ant
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State

Kasulikud lisamaterjalid

• TODO