root@ubuntu:~# echo $$
4249
# Switched back to initial namespace session
sargun@ubuntu:~$ ps u 4249
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
sargun 4249 0.1 0.1 15184 8704 pts/0 S+ 20:51 0:00 -bash
sargun@ubuntu:~$ hostname
ubuntu
Sargun Dhillon sargun
sargun
/ gist:4533994
Created
January 14, 2013 22:12
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| admin@github-int-yammer-com:~$ ls -alh /data/enterprise | |
| total 64K | |
| drwxr-xr-x 2 root root 4.0K 2013-01-14 12:02 . | |
| drwxr-xr-x 15 git git 4.0K 2012-08-15 14:28 .. | |
| lrwxrwxrwx 1 root root 37 2013-01-14 12:02 chef.log -> /var/log/chef/chef.20130114120254.log | |
| -rw-r--r-- 1 root root 77 2013-01-14 07:25 chef_metadata.json | |
| lrwxrwxrwx 1 root root 30 2013-01-14 12:02 code_debs -> /data/enterprise/ghp/code_debs | |
| lrwxrwxrwx 1 root root 30 2013-01-14 12:02 cookbooks -> /data/enterprise/ghp/cookbooks | |
| -rw-r--r-- 1 root root 2.7K 2012-02-07 00:55 customer.gpg | |
| -rw-r--r-- 1 root root 19K 2013-01-14 12:02 dna.json |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| description "service" | |
| start on filesystem | |
| stop on runlevel S | |
| respawn | |
| respawn limit 10 5 | |
| oom never | |
| kill timeout 86400 #If it's given a stop order, this is how long it will take to stop. |
sargun
/ inspect.md
Created
August 27, 2021 03:55
sargun@ubuntu:~$ capsh --decode=$(gawk -F':\t+' '$1 == "CapEff" { print $2; }' /proc/$$/status)
0x0000000000000000=root@ubuntu:~# capsh --decode=$(gawk -F':\t+' '$1 == "CapEff" { print $2; }' /proc/self/status)
0x000001ffffffffff=cap_chown,cap_dac_override,cap_dac_read_search,cap_fowner,cap_fsetid,cap_kill,cap_setgid,cap_setuid,cap_setpcap,cap_linux_immutable,cap_net_bind_service,cap_net_broadcast,cap_net_admin,cap_net_raw,cap_ipc_lock,cap_ipc_owner,cap_sys_module,cap_sys_rawio,cap_sys_chroot,cap_sys_ptrace,cap_sys_pacct,cap_sys_admin,cap_sys_boot,cap_sys_nice,cap_sys_resource,cap_sys_time,cap_sys_tty_config,cap_mknod,cap_lease,cap_audit_write,cap_audit_control,cap_setfcap,cap_mac_override,cap_mac_admin,cap_syslog,cap_wake_alarm,cap_block_suspend,cap_audit_read,38,39,40
sargun
/ hostname3.md
Created
August 27, 2021 03:51
root@ubuntu:~# strace -e trace=unshare -e 'signal=!all' unshare --uts
unshare(CLONE_NEWUTS) = 0
root@ubuntu:~# strace -e trace=sethostname -e 'signal=!all' hostname foo
sethostname("foo", 3) = 0
+++ exited with 0 +++
root@ubuntu:~#
root@ubuntu:~# hostname
foo
sargun
/ hostname2.md
Created
August 27, 2021 03:50
root@ubuntu:~# strace -e trace=sethostname -e 'signal=!all' hostname foo
sethostname("foo", 3) = -1 EPERM (Operation not permitted)
hostname: you must be root to change the host name
+++ exited with 1 +++
sargun
/ hostname.md
Created
August 27, 2021 03:49
sargun@ubuntu:~$ id
uid=1000(sargun) gid=1000(sargun) groups=1000(sargun),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),110(lxd),115(lpadmin),116(sambashare),139(wireshark),999(docker)
sargun@ubuntu:~$ strace -e trace=sethostname hostname foo
sethostname("foo", 3) = -1 EPERM (Operation not permitted)
hostname: you must be root to change the host name
+++ exited with 1 +++root@ubuntu:~# capsh --print
WARNING: libcap needs an update (cap=40 should have a name).
Current: =ep
Bounding set =cap_chown,cap_dac_override,cap_dac_read_search,cap_fowner,cap_fsetid,cap_kill,cap_setgid,cap_setuid,cap_setpcap,cap_linux_immutable,cap_net_bind_service,cap_net_broadcast,cap_net_admin,cap_net_raw,cap_ipc_lock,cap_ipc_owner,cap_sys_module,cap_sys_rawio,cap_sys_chroot,cap_sys_ptrace,cap_sys_pacct,cap_sys_admin,cap_sys_boot,cap_sys_nice,cap_sys_resource,cap_sys_time,cap_sys_tty_config,cap_mknod,cap_lease,cap_audit_write,cap_audit_control,cap_setfcap,cap_mac_override,cap_mac_admin,cap_syslog,cap_wake_alarm,cap_block_suspend,cap_audit_read,38,39,40
Ambient set =
Securebits: 00/0x0/1'b0
secure-noroot: no (unlocked)
secure-no-suid-fixup: no (unlocked)
secure-keep-caps: no (unlocked)
sargun
/ hostname3.md
Created
August 27, 2021 03:46
root@ubuntu:~# unshare -u
root@ubuntu:~# hostname foo
root@ubuntu:~# hostname
fooNewerOlder