@oskarirauta
Created February 23, 2024 20:34
uxc hook issue example configs
*** NEXT COMES WHAT WAS IN /tmp/cntr_env FILE WHEN CREATING CONTAINER, THIS LINE IS NOT INCLUDED IN FILE ***
SHLVL=1
PWD=/
31973
cntr
0::/services/cntr/cntr
0::/services/cntr/cntr
{
"ociVersion": "1.0.0",
"process": {
"terminal": true,
"user": {
"uid": 0,
"gid": 0
},
"args": [
"/usr/sbin/sshd", "-D", "-e"
],
"env": [
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
"TERM=xterm",
"ENV=/etc/profile"
],
"cwd": "/",
"capabilities": {
"bounding": [
"CAP_KILL",
"CAP_NET_RAW",
"CAP_AUDIT_WRITE",
"CAP_NET_BIND_SERVICE",
"CAP_SETGID",
"CAP_CHOWN",
"CAP_FOWNER",
"CAP_FSETID",
"CAP_SETUID",
"CAP_DAC_OVERRIDE",
"CAP_SYS_CHROOT",
"CAP_SYS_PTRACE"
],
"effective": [
"CAP_KILL",
"CAP_NET_RAW",
"CAP_AUDIT_WRITE",
"CAP_NET_BIND_SERVICE",
"CAP_SETGID",
"CAP_CHOWN"
],
"inheritable": [
"CAP_KILL",
"CAP_NET_RAW",
"CAP_AUDIT_WRITE",
"CAP_NET_BIND_SERVICE",
"CAP_SETGID",
"CAP_CHOWN",
"CAP_FOWNER",
"CAP_FSETID",
"CAP_SETUID",
"CAP_DAC_OVERRIDE",
"CAP_SYS_CHROOT",
"CAP_SYS_PTRACE"
],
"permitted": [
"CAP_KILL",
"CAP_NET_RAW",
"CAP_AUDIT_WRITE",
"CAP_NET_BIND_SERVICE",
"CAP_SETGID",
"CAP_CHOWN",
"CAP_FOWNER",
"CAP_FSETID",
"CAP_SETUID",
"CAP_DAC_OVERRIDE",
"CAP_SYS_CHROOT",
"CAP_SYS_PTRACE"
],
"ambient": [
"CAP_KILL",
"CAP_NET_RAW",
"CAP_AUDIT_WRITE",
"CAP_NET_BIND_SERVICE",
"CAP_SETGID",
"CAP_CHOWN"
]
},
"rlimits": [
{
"type": "RLIMIT_NOFILE",
"hard": 1024,
"soft": 1024
}
],
"noNewPrivileges": true
},
"root": {
"path": "alpine",
"readonly": false
},
"hostname": "crun",
"mounts": [
{
"destination": "/proc",
"type": "proc",
"source": "proc"
},
{
"destination": "/dev",
"type": "tmpfs",
"source": "tmpfs",
"options": [
"nosuid",
"strictatime",
"mode=755",
"size=65536k",
]
},
{
"destination": "/dev/pts",
"type": "devpts",
"source": "devpts",
"options": [
"nosuid",
"noexec",
"newinstance",
"ptmxmode=0666",
"mode=0666",
"gid=5"
]
},
{
"destination": "/dev/shm",
"type": "tmpfs",
"source": "shm",
"options": [
"nosuid",
"noexec",
"nodev",
"mode=1777",
"size=65536k"
]
},
{
"destination": "/dev/mqueue",
"type": "mqueue",
"source": "mqueue",
"options": [
"nosuid",
"noexec",
"nodev"
]
},
{
"destination": "/sys",
"type": "sysfs",
"source": "sysfs",
"options": [
"nosuid",
"noexec",
"nodev",
"ro"
]
},
{
"destination": "/sys/fs/cgroup",
"type": "cgroup",
"source": "cgroup",
"options": [
"nosuid",
"noexec",
"nodev",
"relatime",
"ro"
]
},
{
"destination": "/tmp",
"type": "tmpfs",
"source": "tmpfs",
"options": [
"nosuid",
"noexec",
"nodev",
"rw"
]
}
],
"linux": {
"resources": {
"devices": [
{
"allow": false,
"access": "rwm"
}
]
},
"namespaces": [
{
"type": "pid"
},
{
"type": "network",
},
{
"type": "ipc",
},
{
"type": "uts",
},
{
"type": "cgroup"
},
{
"type": "mount"
},
{
"type": "user",
}
],
"maskedPaths": [
"/proc/acpi",
"/proc/asound",
"/proc/kcore",
"/proc/keys",
"/proc/latency_stats",
"/proc/timer_list",
"/proc/timer_stats",
"/proc/sched_debug",
"/sys/firmware",
"/proc/scsi"
],
"readonlyPaths": [
"/proc/bus", "/proc/fs",
"/proc/irq",
"/proc/sys",
"/proc/sysrq-trigger"
]
},
"sysctl": {
"net.ipv4.ip_unprivileged_port_start": "20",
"net.ipv4.ip_forward": "1",
"net.core.somaxconn": "256"
},
"hooks": {
"createRuntime": [
{
"path": "/root/uxc/resolv.sh"
}
]
}
}
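#!/bin/sh
# OCI createRuntime hook (referenced from "hooks" in the config above).
# Purpose: dump a few facts about the context the hook runs in, so that
# it can be confirmed the hook is executed at all (the dump file appearing
# is the evidence). Contents of /tmp/cntr_env, one item per line:
#   - the environment the hook sees (env)
#   - the hook's own PID
#   - the 4th '/'-separated field of the hook's cgroup path, e.g.
#     "0::/services/cntr/cntr" -> "cntr"
#   - the hook's own cgroup file
#   - the parent's cgroup file
#
# NOTE(review): per the OCI runtime spec, createRuntime hooks run in the
# runtime's namespaces, not the container's — so this is the host's /tmp,
# written with the runtime's privileges (typically root). Confirm for uxc.
# A fixed, predictable path in a shared directory is a symlink-clobber
# hazard for a privileged writer; acceptable for a one-off debug dump,
# but anything kept around should go under a runtime-private directory or
# a mktemp(1) name.
#
# Deliberately best-effort (no `set -e`): a failed read should not make
# container creation fail.
out=/tmp/cntr_env

# "0::/services/cntr/cntr" split on '/' -> fields "0:", "", "services",
# "cntr", "cntr"; field 4 is the service/container name segment.
cntr_name=$(cut -d '/' -f4 /proc/$$/cgroup)

# Single redirection for the whole dump instead of one truncate plus
# several appends; output is identical.
{
    env
    echo "$$"
    echo "${cntr_name}"
    cat /proc/$$/cgroup
    cat /proc/$PPID/cgroup
} > "${out}"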