Hacking Containers
Looking at Cgroups
Eng Teong Cheah
Microsoft MVP
Looking at Cgroups
Inside the Kali virtual machine in the cloud, let’s begin by creating a very simple container
that will give us a shell:
Looking at Cgroups
We should now be editing our Dockerfile within the containers/easy directory. The
following lines should be entered into that file to be able to create a simple container:
The file we have created is known as Dockerfile.
Each and every command in the file has meaning; for example,
FROM (1) represents one command in the container and will be stored as a single
command in the storage file system.
CMD (2) represents another command.
Looking at Cgroups
Let’s build and run our container so that we can explore cgroups:
These container commands will first build a container in the current directory (3) using
the Dockerfile we created and will assign it the tag ghh-easy (4).
We can then execute a docker command to run the container in interactive mode.
Looking at Cgroups
The control groups on a Kali system will be based on cgroups version 2, which allows for
tight controls.
One of the major differences between version 1 and version 2 is the directory hierarchy,
which is viewable by using the sys file system at /sys/fs/cgroup.
Looking at Cgroups
In cgroup version 1, each resource had its own hierarchy, and they map to namespaces:
• cpu
• cpuacct
• cpuset
• devices
• freezer
• memory
• net_cls
• pids
Looking at Cgroups
The following commands should be performed in a new window, as we should leave the
Docker container running:
The first command will put us in the proc directory of Linux, specifically in the process ID
of the running Docker container (5).
The second command will output the cgroup location that our process is running in.
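The cgroup file read in that step has a fixed line format that differs between version 1 and version 2. The script below is an added example, not taken from the slides: it classifies a /proc/<pid>/cgroup file and pulls out the container ID. The sample lines and the container ID are constructed.

```shell
#!/bin/sh
# Added example: interpret /proc/<pid>/cgroup. Each line has the form
#   hierarchy-ID:controller-list:cgroup-path
# cgroup v2 (unified) is the single line "0::<path>"; cgroup v1 has one
# line per hierarchy, for example "11:memory:<path>".

# cgroup_mode FILE -> v1, v2, hybrid (both kinds of line) or unknown
cgroup_mode() {
    seen_v1=0; seen_v2=0
    while IFS=: read -r id controllers path; do
        if [ -z "$id" ]; then continue; fi
        if [ "$id" = 0 ] && [ -z "$controllers" ]; then seen_v2=1; else seen_v1=1; fi
    done < "$1"
    case "$seen_v1$seen_v2" in
        01) echo v2 ;;
        10) echo v1 ;;
        11) echo hybrid ;;
        *)  echo unknown ;;
    esac
}

# cgroup_path FILE [CONTROLLER] -> the v2 path, or the path of one v1 controller
cgroup_path() {
    while IFS=: read -r id controllers path; do
        if [ -z "${2:-}" ]; then
            if [ "$id" = 0 ] && [ -z "$controllers" ]; then echo "$path"; return 0; fi
        else
            case ",$controllers," in *",$2,"*) echo "$path"; return 0 ;; esac
        fi
    done < "$1"
    return 1
}

# container_id PATH -> the 64-hex-digit container ID embedded in a cgroup path
container_id() {
    printf '%s\n' "$1" | sed -n 's/.*\([0-9a-f]\{64\}\).*/\1/p'
}

# Constructed sample data (not captured from a real host).
CID=0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
V2_FILE=$(mktemp); V1_FILE=$(mktemp)
printf '0::/system.slice/docker-%s.scope\n' "$CID" > "$V2_FILE"
printf '%s\n' "12:pids:/docker/$CID" "5:cpu,cpuacct:/docker/$CID" \
    "1:name=systemd:/docker/$CID" > "$V1_FILE"

for f in "$V2_FILE" "$V1_FILE"; do
    echo "mode: $(cgroup_mode "$f")"
done
echo "v2 path:         $(cgroup_path "$V2_FILE")"
echo "v1 cpuacct path: $(cgroup_path "$V1_FILE" cpuacct)"
echo "container id:    $(container_id "$(cgroup_path "$V2_FILE")")"
```

On a live host, pass /proc/<pid>/cgroup for the container's process as FILE.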
Looking at Cgroups
Let’s return to our Kali host. Here are some commands that can help us work with the
Docker API:
docker container ls
This command shows all containers running or stopped.
docker stop
This command stops the containers.
docker rm
This command removes a container.
Namespaces
Namespaces and cgroups are tightly linked, as namespaces are how the Linux kernel can
form constraints around specific items.
Namespaces, similar to how programming languages like C++ use them, allow for a process or
collection of kernel control objects to be grouped together.
This grouping limits or controls what that process or object can see.
Namespaces
To leverage the namespace, we can use a set of APIs that are exposed by the kernel itself:
clone()
This will clone a process and then create the appropriate namespace for it.
setns()
This allows an existing process to move into a namespace that we may be able to use.
unshare()
This moves the process out of a namespace.
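Whichever of these calls placed a process in its namespaces, the result is visible under /proc/<pid>/ns/. The script below is an added example, not from the slides, that lists the namespace types in which one process is isolated from another. The PROC_ROOT parameter, the PIDs and the namespace identifiers are constructed for illustration.

```shell
#!/bin/sh
# Added example. The namespaces a process is in are exposed as symlinks
# under /proc/<pid>/ns/ with targets such as "uts:[4026531838]". Two
# processes share a namespace exactly when the targets are identical.
# Reading another user's /proc/<pid>/ns entries typically requires root.

# ns_isolated PID_A PID_B [PROC_ROOT]
# Prints each namespace type in which PID_B is not in PID_A's namespace.
# PROC_ROOT is a hypothetical parameter so the function can be pointed
# at a test tree; it defaults to /proc.
ns_isolated() {
    root=${3:-/proc}
    for link in "$root/$2"/ns/*; do
        name=${link##*/}
        b=$(readlink "$link") || continue
        a=$(readlink "$root/$1/ns/$name") || continue
        if [ "$a" != "$b" ]; then printf '%s\n' "$name"; fi
    done
}

# Constructed stand-in for /proc: PID 1 is the host init, PID 4242 a
# container process that keeps only the host's user namespace.
make_demo_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/1/ns" "$d/4242/ns"
    for ns in cgroup ipc mnt net pid uts; do
        ln -s "$ns:[4026531840]" "$d/1/ns/$ns"
        ln -s "$ns:[4026532500]" "$d/4242/ns/$ns"
    done
    ln -s "user:[4026531837]" "$d/1/ns/user"
    ln -s "user:[4026531837]" "$d/4242/ns/user"
    echo "$d"
}

tree=$(make_demo_tree)
echo "PID 4242 is isolated from PID 1 in:"
ns_isolated 1 4242 "$tree"
echo "PID 1 compared with itself:"
ns_isolated 1 1 "$tree"
```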
Namespaces
You might find that exploits designed for use in the kernel outside of a container fail, and
the reason they fail may have to do with the visibility the exploit has on the individual
items on the disk.
You may have to rewrite your exploit to leverage a different set of APIs to move outside
of a namespace and back into the global namespace.
Demo
Looking at Cgroups
References
Gray Hat Hacking, Sixth Edition
