Lei Wang
@hatsuyuki280 不应该都是S3的接口吗?国内云厂商也要考虑对S3兼容的,随便改动应该不会涉及这一块
## Test in dind image ``` root@kata:~/ctrsploit/bin/release# docker run --privileged --name some-docker -d --network some-network --network-alias docker -e DOCKER_TLS_CERTDIR=/certs -v some-docker-certs-ca:/certs/ca -v some-docker-certs-client:/certs/client -v $(pwd):/ctrsploit docker:20.10.0-beta1-dind fee6122104abc407d9bb3b2fa4acafc168c29e15b78b8255c84ad65c4e54cd0e root@kata:~/ctrsploit/bin/release# docker exec...
## Test in vm ``` root@kata:~/docker_archive# docker compose -f docker-compose.kvm.yml up -d [+] Running 2/2 ✔ Network docker-20-10-0-beta1-containerd-1-4-1_default Created 0.1s ✔ Container docker-20-10-0-beta1-containerd-1-4-1-vm-1 Started root@kata:~/docker_archive# ssh -p 20102 [email protected] [email protected]'s...
## dind 20.10.4 ``` root@kata:~/ctrsploit/bin/release# docker run --privileged --name some-docker -d --network some-network --network-alias docker -e DOCKER_TLS_CERTDIR=/certs -v some-docker-certs-ca:/certs/ca -v some-docker-certs-client:/certs/client -v $(pwd):/ctrsploit docker:20.10.4-dind Unable to find image 'docker:20.10.4-dind' locally...
## dind 20.10.3 ``` root@kata:~/ctrsploit/bin/release# docker run --privileged --name some-docker -d --network some-network --network-alias docker -e DOCKER_TLS_CERTDIR=/certs -v some-docker-certs-ca:/certs/ca -v some-docker-certs-client:/certs/client -v $(pwd):/ctrsploit docker:20.10.3-dind e8c4273feb7f024cdde0e1db1a225e201f5fedb401b647167d8c8284c4fe8a48 root@kata:~/ctrsploit/bin/release# docker exec -ti some-docker...
单纯替换 dockerd 为 20.10.4 无效,说明不是dockerd的问题。 ``` # wget https://download.docker.com/linux/static/stable/x86_64/docker-20.10.4.tgz # tar xzvf docker-20.10.4.tgz # docker cp docker/dockerd some-docker:/usr/local/bin/ # docker restart some-docker # docker exec -ti some-docker sh / #...
与 containerd 也无关 ``` root@kata:/tmp# docker cp docker/containerd some-docker:/usr/local/bin/ Successfully copied 39.6MB to some-docker:/usr/local/bin/ root@kata:/tmp# docker restart some-docker some-docker root@kata:/tmp# docker exec -ti some-docker ash / # docker run -ti...
确定是 runc 影响了dind 的seccomp ``` root@kata:/tmp# docker cp docker/runc some-docker:/usr/local/bin/ Successfully copied 14.2MB to some-docker:/usr/local/bin/ root@kata:/tmp# docker exec -ti some-docker ash / # docker version Client: Docker Engine - Community...
dind 的 runc 是 static linked ``` # file runc runc: ELF 64-bit LSB executable, x86-64, version 1 (GNU/Linux), statically linked, for GNU/Linux 3.2.0, Go BuildID=7M46prQkUC_2XYTjmEf3/d80BcKf7OzWOe1n8b71S/bDo8Ta0vB1OWADy4FscO/zkPzq25FpxKLnnqiyAUz, BuildID[sha1]=a26c398c01be95b41c63fd553756ae8747835a96, not stripped ```...