Created
July 29, 2016 04:38
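#!/bin/bash
#
# permtest: checks whether a bind-mounted host directory enforces per-UID file
# permissions between two different container users.
#
# Steps:
#   1. Build an image with two unprivileged accounts:
#      appusr (UID/GID 1000) and secusr (UID/GID 1001).
#   2. As secusr, create secret.txt in the bind mount with mode 0600.
#   3. As appusr, try to list and read that file.
#
# Reading the result: if the mount honours POSIX ownership, step 3 should end
# with a permission error from `cat`. If the contents are printed instead, the
# mount layer is not isolating the two UIDs, and file modes on that mount
# should not be relied on to protect data from other users in containers.
#
# Side effects: overwrites ./Dockerfile and leaves ./secret.txt (owned by
# UID 1001, mode 0600) in the current directory. Run it from a scratch
# directory.

# Stop on the first failure so a broken build is not followed by runs against
# a stale or missing image. The final `docker run` is expected to fail when
# permissions are enforced; as the last command, its status is the script's
# exit status.
set -euo pipefail

# NOTE(review): debian:jessie is end-of-life and no longer receives security
# updates. It is kept here so the test matches the original environment; do
# not reuse this base for anything beyond the throwaway test image.
#
# The heredoc delimiter is quoted so $APPDIR and the line continuations reach
# the Dockerfile literally instead of being processed by the shell.
cat > Dockerfile << 'EOF'
FROM debian:jessie
ENV APPDIR=/srv/app
VOLUME $APPDIR
WORKDIR $APPDIR
RUN \
  groupadd -g 1000 appgrp &&\
  groupadd -g 1001 secgrp &&\
  useradd -u 1000 -g 1000 -Ms /bin/bash appusr &&\
  useradd -u 1001 -g 1001 -Ms /bin/bash secusr &&\
  true
EOF

docker build -t permtest .

# Resolve the host path once and quote it at every use so a working directory
# containing spaces or glob characters is passed to -v as a single argument.
host_dir="$(pwd)"

echo ">> Creating a secret file as the secret user"
docker run --rm -it \
  -v "${host_dir}":/srv/app \
  -u secusr \
  permtest \
  sh -c "echo imsecret > secret.txt && chmod 0600 secret.txt && ls -l secret.txt"

echo ">> Attempting to read the secret file as the unprivileged user"
docker run --rm -it \
  -v "${host_dir}":/srv/app \
  -u appusr \
  permtest \
  sh -c "ls -l secret.txt && cat secret.txt"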