Skip to content

firesock/setns-shell

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

16 Commits
poc
poc
 
 
src
src
 
 
.gitignore
.gitignore
 
 
Cargo.toml
Cargo.toml
 
 
README.md
README.md
 
 
rustfmt.toml
rustfmt.toml
 
 

Repository files navigation

setns-shell

Bring your shell into Rootless Docker containers with you!

Zsh:

$(readelf --string-dump .interp $(which zsh) | awk '/ld-linux/ {print $NF}') --library-path ${module_path} --preload "$(find ${module_path} -iname "*.so" -printf "%p:")" $(which zsh)
module_path=./target/debug zmodload libsetns_shell; zcompile -ac /tmp/full.zwc; setns_shell <PID 1 of container> /tmp/full.zwc
# Then copy/paste output back into shell

TODO

  • wrapper script using source
  • mount instead of setns into process
  • bash support

Caveats and Limitations

  • Process that setns is called in doesn't enter designated PID namespace, only remembers it for it's child processes. This is by design of the syscall, and shouldn't really matter unless the running process needs to play with in-container process' without doing a fork-and-exec.

About

setns shenanigans

Resources

Readme
Activity

Stars

1 star

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages