root@ubuntu:~# echo $$
4249
# Switched back to initial namespace session
sargun@ubuntu:~$ ps u 4249
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
sargun 4249 0.1 0.1 15184 8704 pts/0 S+ 20:51 0:00 -bash
sargun@ubuntu:~$ hostname
ubuntu
admin@github-int-yammer-com:~$ ls -alh /data/enterprise
total 64K
drwxr-xr-x 2 root root 4.0K 2013-01-14 12:02 .
drwxr-xr-x 15 git git 4.0K 2012-08-15 14:28 ..
lrwxrwxrwx 1 root root 37 2013-01-14 12:02 chef.log -> /var/log/chef/chef.20130114120254.log
-rw-r--r-- 1 root root 77 2013-01-14 07:25 chef_metadata.json
lrwxrwxrwx 1 root root 30 2013-01-14 12:02 code_debs -> /data/enterprise/ghp/code_debs
lrwxrwxrwx 1 root root 30 2013-01-14 12:02 cookbooks -> /data/enterprise/ghp/cookbooks
-rw-r--r-- 1 root root 2.7K 2012-02-07 00:55 customer.gpg
-rw-r--r-- 1 root root 19K 2013-01-14 12:02 dna.json
description "service"
start on filesystem
stop on runlevel S
respawn
respawn limit 10 5
oom never
kill timeout 86400 # After a stop request, wait up to this many seconds (86400 = 24 hours) before the job is force-killed with SIGKILL.
sargun@ubuntu:~$ capsh --decode=$(gawk -F':\t+' '$1 == "CapEff" { print $2; }' /proc/$$/status)
0x0000000000000000=
root@ubuntu:~# capsh --decode=$(gawk -F':\t+' '$1 == "CapEff" { print $2; }' /proc/self/status)
0x000001ffffffffff=cap_chown,cap_dac_override,cap_dac_read_search,cap_fowner,cap_fsetid,cap_kill,cap_setgid,cap_setuid,cap_setpcap,cap_linux_immutable,cap_net_bind_service,cap_net_broadcast,cap_net_admin,cap_net_raw,cap_ipc_lock,cap_ipc_owner,cap_sys_module,cap_sys_rawio,cap_sys_chroot,cap_sys_ptrace,cap_sys_pacct,cap_sys_admin,cap_sys_boot,cap_sys_nice,cap_sys_resource,cap_sys_time,cap_sys_tty_config,cap_mknod,cap_lease,cap_audit_write,cap_audit_control,cap_setfcap,cap_mac_override,cap_mac_admin,cap_syslog,cap_wake_alarm,cap_block_suspend,cap_audit_read,38,39,40
root@ubuntu:~# strace -e trace=unshare -e 'signal=!all' unshare --uts
unshare(CLONE_NEWUTS) = 0
root@ubuntu:~# strace -e trace=sethostname -e 'signal=!all' hostname foo
sethostname("foo", 3) = 0
+++ exited with 0 +++
root@ubuntu:~#
root@ubuntu:~# hostname
foo
root@ubuntu:~# strace -e trace=sethostname -e 'signal=!all' hostname foo
sethostname("foo", 3) = -1 EPERM (Operation not permitted)
hostname: you must be root to change the host name
+++ exited with 1 +++
sargun@ubuntu:~$ id
uid=1000(sargun) gid=1000(sargun) groups=1000(sargun),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),110(lxd),115(lpadmin),116(sambashare),139(wireshark),999(docker)
sargun@ubuntu:~$ strace -e trace=sethostname hostname foo
sethostname("foo", 3) = -1 EPERM (Operation not permitted)
hostname: you must be root to change the host name
+++ exited with 1 +++
root@ubuntu:~# capsh --print
WARNING: libcap needs an update (cap=40 should have a name).
Current: =ep
Bounding set =cap_chown,cap_dac_override,cap_dac_read_search,cap_fowner,cap_fsetid,cap_kill,cap_setgid,cap_setuid,cap_setpcap,cap_linux_immutable,cap_net_bind_service,cap_net_broadcast,cap_net_admin,cap_net_raw,cap_ipc_lock,cap_ipc_owner,cap_sys_module,cap_sys_rawio,cap_sys_chroot,cap_sys_ptrace,cap_sys_pacct,cap_sys_admin,cap_sys_boot,cap_sys_nice,cap_sys_resource,cap_sys_time,cap_sys_tty_config,cap_mknod,cap_lease,cap_audit_write,cap_audit_control,cap_setfcap,cap_mac_override,cap_mac_admin,cap_syslog,cap_wake_alarm,cap_block_suspend,cap_audit_read,38,39,40
Ambient set =
Securebits: 00/0x0/1'b0
secure-noroot: no (unlocked)
secure-no-suid-fixup: no (unlocked)
secure-keep-caps: no (unlocked)
root@ubuntu:~# unshare -u
root@ubuntu:~# hostname foo
root@ubuntu:~# hostname
foo