test/images: add no_new_privs test container

Using the image:

```
$ docker run --rm -it --user 1000 gcr.io/google_containers/nonewprivs:1.0
Effective uid: 0

$ docker run --rm -it --user 1000 --security-opt no-new-privileges gcr.io/google_containers/nonewprivs:1.0
Effective uid: 1000
```

Signed-off-by: Jess Frazelle <acidburn@google.com>
pull/6/head
Jess Frazelle 2017-06-06 16:05:01 -04:00
parent e1493c9c88
commit e81daf48b5
No known key found for this signature in database
GPG Key ID: 18F3685C0022BFF3
4 changed files with 76 additions and 0 deletions

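--- a/test/images/nonewprivs/.gitignore
+++ b/test/images/nonewprivs/.gitignore
@@ -0,0 +1 @@
+nnp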


@ -0,0 +1,20 @@
# Copyright 2017 The Kubernetes Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
FROM alpine:latest
COPY nnp /usr/local/bin/nnp
RUN chmod +s /usr/local/bin/nnp
CMD ["nnp"]
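Review bot: The `RUN chmod +s /usr/local/bin/nnp` line sets both the setuid and setgid bits with no comment saying this is deliberate, while the test only reports the effective uid. `RUN chmod u+s /usr/local/bin/nnp` is enough for that, preceded by a comment such as `# nnp is setuid root on purpose: its euid shows whether no_new_privs is enforced`. Separately, `FROM alpine:latest` leaves the base unpinned, so rebuilds of the same image tag can differ; a fixed alpine tag or digest would make the test image reproducible.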


@ -0,0 +1,33 @@
# Copyright 2017 The Kubernetes Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
.PHONY: all image push clean
TAG = 1.2
PREFIX = gcr.io/google_containers
all: push
nnp: nnp.c
gcc -static -o $@ $@.c
image: nnp
docker build --pull -t $(PREFIX)/nonewprivs:$(TAG) .
push: image
gcloud docker -- push $(PREFIX)/nonewprivs:$(TAG)
clean:
rm -f nnp
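Review bot: `all: push` makes a bare `make` build the image and push it to `$(PREFIX)`, so the default goal publishes to the shared registry; `all: image` would keep publishing behind an explicit `make push`. `TAG = 1.2` also disagrees with the `nonewprivs:1.0` tag used in the commit description's example, so one of the two presumably needs updating. In the `nnp` rule, `$(CC) -static -o $@ $<` would honour a user-supplied compiler instead of hard-coding `gcc` and would name the prerequisite through `$<` rather than `$@.c`.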


@ -0,0 +1,22 @@
// Copyright 2017 The Kubernetes Authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
#include <stdio.h>
#include <unistd.h>
#include <sys/types.h>
int main(int argc, char *argv[]){
printf("Effective uid: %d\n", geteuid());
return 0;
}
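Review bot: `printf("Effective uid: %d\n", geteuid());` passes a `uid_t` to `%d`; `uid_t` is an unsigned type on Linux, so a cast makes the call well defined: `printf("Effective uid: %u\n", (unsigned int)geteuid());`. The output for the uids shown in the commit description (0 and 1000) is unchanged. A short header comment would also help, for example `// Prints the effective uid; installed setuid root so the output shows whether no_new_privs blocked the privilege gain.` Since `argc` and `argv` are unused, `int main(void)` is sufficient.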