我如何假设 Linux 上的 docker 容器内的用户为 1000?

tag-icon tag-icon fedora docker selinux
我如何假设 Linux 上的 docker 容器内的用户为 1000?

我正在尝试使用 AFL++ 对 Fedora 36 上的目标应用程序进行模糊测试。我按照上列出的说明进行操作这一页通过拉取并运行 AFL++ 容器并构建它,然后使用映射到/src/容器中目录的目标应用程序的源代码创建目标容器。两个容器都运行良好。但是,当我进入目标容器时cd /src/,我无法在此目录中执行任何操作,因为出现access denied错误。如果是我whoami,我就是root。所以我去了cd ..ls -lha然后我看到了这个:drwxr-xr-x. 7 1000 1000 4.0K Jul 23 20:49 src。我很困惑,因为 A) 我不知道 uid 1000 是谁或为什么它在那里,B) 我是 root,所以我不知道如何继续。我什至尝试过chown root:root ./src,但收到了 AVC 拒绝,其中指出:

SELinux is preventing chown from setattr access on the directory postgres.

*****  Plugin catchall (100. confidence) suggests   **************************

If you believe that chown should be allowed setattr access on the postgres directory by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'chown' --raw | audit2allow -M my-chown
# semodule -X 300 -i my-chown.pp

Additional Information:
Source Context                system_u:system_r:container_t:s0:c9,c234
Target Context                unconfined_u:object_r:user_home_t:s0
Target Objects                postgres [ dir ]
Source                        chown
Source Path                   chown
Port                          <Unknown>
Host                          localhost.localdomain
Source RPM Packages           
Target RPM Packages           
SELinux Policy RPM            selinux-policy-targeted-36.18-1.fc36.noarch
Local Policy RPM              selinux-policy-targeted-36.18-1.fc36.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     localhost.localdomain
Platform                      Linux localhost.localdomain 6.2.15-100.fc36.x86_64
                              #1 SMP PREEMPT_DYNAMIC Thu May 11 16:51:53 UTC
                              2023 x86_64 x86_64
Alert Count                   3
First Seen                    2023-07-27 01:34:49 PDT
Last Seen                     2023-07-27 01:35:10 PDT
Local ID                      e862a3ed-4709-4cf4-89f5-9d3bf197af96

Raw Audit Messages
type=AVC msg=audit(1690446910.128:646): avc:  denied  { setattr } for  pid=49017 comm="chown" name="postgres" dev="dm-2" ino=1475147 scontext=system_u:system_r:container_t:s0:c9,c234 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir permissive=0


Hash: chown,container_t,user_home_t,dir,setattr

当我执行时sudo ausearch -c 'chown' --raw | audit2allow -M my-chown我得到:

could not write output file: [Errno 13] Permission denied: 'my-chown.te'

相关内容