container security
```dockerfile
RUN groupadd -r user && useradd -r -g user user
USER user
```
```dockerfile
FROM debian
RUN apt-get update && apt-get install -y curl
RUN curl http://sourcecode.com/file.tgz -o /file.tgz
RUN tar xzf /file.tgz && make
RUN rm /file.tgz
```
```dockerfile
FROM debian
RUN apt-get update && apt-get install -y curl
RUN curl http://sourcecode.com/file.tgz -o /file.tgz && tar xzf /file.tgz && make && rm /file.tgz
```
```dockerfile
# Copy github ssh key
COPY github_rsa /root/.ssh/id_rsa
...
# Remove ssh key
RUN rm /root/.ssh/id_rsa
```
```console
$ docker run --read-only debian touch x
touch: cannot touch 'x': Read-only file system
```
```console
$ docker run -v $(pwd)/secrets:/secrets:ro \
    debian touch /secrets/x
touch: cannot touch '/secrets/x': Read-only file system
```
```console
$ docker run --cap-drop SETUID --cap-drop SETGID myimage
$ docker run --cap-drop ALL --cap-add ...
```
```console
$ docker run -d myimage
$ docker run -d -c 512 myimage
$ docker run -d -c 512 myimage
```
```console
$ docker run -m 512m myimage
```
```console
$ docker run debian \
    find / -perm +6000 -type f -exec ls -ld {} \; 2>/dev/null
-rwsr-xr-x 1 root root   10248 Apr 15 00:02 /usr/lib/pt_chown
-rwxr-sr-x 1 root shadow 62272 Nov 20  2014 /usr/bin/chage
-rwsr-xr-x 1 root root   75376 Nov 20  2014 /usr/bin/gpasswd
-rwsr-xr-x 1 root root   53616 Nov 20  2014 /usr/bin/chfn
...
```
```dockerfile
FROM debian:wheezy
RUN find / -perm +6000 -type f -exec chmod a-s {} \; \
    || true
```
```console
$ docker build -t defanged-debian .
...
Successfully built 526744cf1bc1
$ docker run --rm defanged-debian \
    find / -perm +6000 -type f -exec ls -ld {} \; \
    2>/dev/null | wc -l
0
$
```
```console
$ docker daemon --icc=false
```
```console
$ sestatus | grep mode
Current mode:                   enforcing
$ mkdir data
$ echo "hello" > data/file
$ docker run -v $(pwd)/data:/data debian cat /data/file
cat: /data/file: Permission denied
```
```console
$ ls --scontext data
unconfined_u:object_r:user_home_t:s0 file
$ chcon -Rt svirt_sandbox_file_t data
$ docker run -v $(pwd)/data:/data debian cat /data/file
hello
```
```console
$ docker run -e API_TOKEN=MY_SECRET myimage
```
```console
$ docker run -v /secretdir/keyfile:/keyfile:ro myimage
$ docker run --volumes-from my-secret-container myimage
```