zoukankan      html  css  js  c++  java

  • nsenter into docker. selinux(semanage,restorecon)

    Docker容器运行后,如何进入容器进行操作呢?起初我是用SSH。如果只启动一个容器,用SSH还能应付,只需要将容器的22端口映射到本机的一个端口即可。当我启动了五个容器后,每个容器默认是没有配置SSH Server的,安装配置SSHD,映射容器SSH端口,实在是麻烦。

    我发现很多Docker镜像都是没有安装SSHD服务的,难道有其他方法进入Docker容器?

    浏览了Docker的文档,我没有找到答案。还是要求助于无所不能的Google,万能的Google告诉我用nsenter吧。

    在大多数Linux发行版中,util-linux包中含有nsenter.如果没有,你需要安装它.

    cd /tmp
curl https://www.kernel.org/pub/linux/utils/util-linux/v2.24/util-linux-2.24.tar.gz 
  | tar -zxf-
cd util-linux-2.24
./configure --without-ncurses
make nsenter
cp nsenter /usr/local/bin

    使用shell脚本 docker-enter,将如下代码保存为docker-enter, chomod +x docker-enter

      #!/bin/sh

  if [ -e $(dirname "$0")/nsenter ]; then
    # with boot2docker, nsenter is not in the PATH but it is in the same folder
    NSENTER=$(dirname "$0")/nsenter
  else
    NSENTER=nsenter
  fi

  if [ -z "$1" ]; then
    echo "Usage: `basename "$0"` CONTAINER [COMMAND [ARG]...]"
    echo ""
    echo "Enters the Docker CONTAINER and executes the specified COMMAND."
    echo "If COMMAND is not specified, runs an interactive shell in CONTAINER."
  else
    PID=$(docker inspect --format "{{.State.Pid}}" "$1")
    if [ -z "$PID" ]; then
      exit 1
    fi
    shift

    OPTS="--target $PID --mount --uts --ipc --net --pid --"

    if [ -z "$1" ]; then
      # No command given.
      # Use su to clear all host environment variables except for TERM,
      # initialize the environment variables HOME, SHELL, USER, LOGNAME, PATH,
      # and start a login shell.
      "$NSENTER" $OPTS su - root
    else
      # Use env to clear all host environment variables.
      "$NSENTER" $OPTS env --ignore-environment -- "$@"
    fi

    If your OS has SELinux enabled and you want to run Weave Net as a systemd unit, then follow the instructions below. These instructions apply to CentOS and RHEL as of 7.0. On Fedora 21, there is no need to do this.

    Once weave is installed in /usr/local/bin, set its execution context with the commands shown below. You will need to have the policycoreutils-python package installed.

    sudo semanage fcontext -a -t unconfined_exec_t -f f /usr/local/bin/weave
sudo restorecon /usr/local/bin/weave
     
  • 相关阅读:
    【BZOJ2424】[HAOI2010]订货 最小费用流
    【BZOJ1935/4822】[Shoi2007]Tree 园丁的烦恼/[Cqoi2017]老C的任务 树状数组
    【BZOJ2500】幸福的道路 树形DP+RMQ+双指针法
    【BZOJ4726】[POI2017]Sabota? 树形DP
    【BZOJ4883】[Lydsy2017年5月月赛]棋盘上的守卫 KM算法
    【BZOJ4881】5月月赛D 线段游戏 树状数组+set
    【BZOJ4518】[Sdoi2016]征途 斜率优化
    【BZOJ4818】[Sdoi2017]序列计数 DP+矩阵乘法
    【BZOJ2553】[BeiJing2011]禁忌 AC自动机+期望DP+矩阵乘法
    【BZOJ3211】花神游历各国 并查集+树状数组
  • 原文地址:https://www.cnblogs.com/SZLLQ2000/p/5509516.html
Copyright © 2011-2022 走看看