  • nsenter into docker. selinux(semanage,restorecon)

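    Once a Docker container is running, how do you get inside it to work? At first I used SSH. With a single container, SSH is manageable: you only need to map the container's port 22 to a port on the host. Once I had started five containers, none of which has an SSH server configured by default, installing and configuring SSHD and mapping each container's SSH port became a real chore.

    I noticed that many Docker images do not have the SSHD service installed. Is there another way to get into a Docker container?

    I browsed the Docker documentation and did not find an answer. So I turned to the all-powerful Google, which told me to use nsenter.

    In most Linux distributions, the util-linux package includes nsenter. If yours does not, you need to install it.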

    cd /tmp
    curl https://www.kernel.org/pub/linux/utils/util-linux/v2.24/util-linux-2.24.tar.gz \
      | tar -zxf-
    cd util-linux-2.24
    ./configure --without-ncurses
    make nsenter
    cp nsenter /usr/local/bin
    

    Use the shell script docker-enter: save the code below as docker-enter, then run chmod +x docker-enter.

      #!/bin/sh
    
      if [ -e "$(dirname "$0")/nsenter" ]; then
        # with boot2docker, nsenter is not in the PATH but it is in the same folder
        NSENTER=$(dirname "$0")/nsenter
      else
        NSENTER=nsenter
      fi
    
      if [ -z "$1" ]; then
        echo "Usage: `basename "$0"` CONTAINER [COMMAND [ARG]...]"
        echo ""
        echo "Enters the Docker CONTAINER and executes the specified COMMAND."
        echo "If COMMAND is not specified, runs an interactive shell in CONTAINER."
      else
        PID=$(docker inspect --format "{{.State.Pid}}" "$1")
        if [ -z "$PID" ]; then
          exit 1
        fi
        shift
    
        OPTS="--target $PID --mount --uts --ipc --net --pid --"
    
        if [ -z "$1" ]; then
          # No command given.
          # Use su to clear all host environment variables except for TERM,
          # initialize the environment variables HOME, SHELL, USER, LOGNAME, PATH,
          # and start a login shell.
          "$NSENTER" $OPTS su - root
        else
          # Use env to clear all host environment variables.
          "$NSENTER" $OPTS env --ignore-environment -- "$@"
        fi
      fi
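
    The docker-enter script above only tests whether the PID is empty. The following is an added example (not part of the original script) that validates the PID and the target's namespace links before nsenter is called; PROC_ROOT and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not part of the original docker-enter script.
# PROC_ROOT is a hypothetical override so the checks can run against a
# constructed tree instead of the live /proc.
PROC_ROOT=${PROC_ROOT:-/proc}
NAMESPACES="mnt uts ipc net pid"   # the ones docker-enter passes to nsenter

# valid_pid PID: succeed only for a positive decimal integer.
# docker inspect prints 0 for State.Pid when the container is not running,
# which an emptiness test (-z) lets through.
valid_pid() {
  case "$1" in
    ''|*[!0-9]*) return 1 ;;
  esac
  [ "$1" -gt 0 ]
}

# check_target PID: fail closed unless every namespace link exists, so a
# missing one never leaves the command running in a host namespace.
check_target() {
  valid_pid "$1" || { echo "not a running container PID: '$1'" >&2; return 1; }
  for ns in $NAMESPACES; do
    [ -L "$PROC_ROOT/$1/ns/$ns" ] || {
      echo "PID $1 has no $ns namespace link" >&2; return 1; }
  done
}

# shared_with_caller PID: print the namespaces PID shares with the calling
# process (for example a container started with --net=host). Entering
# those changes nothing: commands there act on the host's namespace.
shared_with_caller() {
  check_target "$1" || return 1
  shared=""
  for ns in $NAMESPACES; do
    mine=$(readlink "$PROC_ROOT/self/ns/$ns")
    theirs=$(readlink "$PROC_ROOT/$1/ns/$ns")
    if [ "$mine" = "$theirs" ]; then
      shared="$shared $ns"
    fi
  done
  echo "${shared# }"
}
```

    In docker-enter, a call such as `check_target "$PID" || exit 1` would go right after the `docker inspect` line.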

    If your OS has SELinux enabled and you want to run Weave Net as a systemd unit, then follow the instructions below. These instructions apply to CentOS and RHEL as of 7.0. On Fedora 21, there is no need to do this.

    Once weave is installed in /usr/local/bin, set its execution context with the commands shown below. You will need to have the policycoreutils-python package installed.

    sudo semanage fcontext -a -t unconfined_exec_t -f f /usr/local/bin/weave
    sudo restorecon /usr/local/bin/weave
     
  • Original article: https://www.cnblogs.com/SZLLQ2000/p/5509516.html