A cikin Kayan Aikin Kayan aiki don Sarrafa Waɗancan Kwantenan Docker na Linux rauni (), wanda, a ƙarƙashin wasu yanayi na yanayi, yana ba ku damar samun dama ga mahallin mahalli daga akwati idan kuna da ikon ƙaddamar da hotunan ku akan tsarin ko tare da samun damar yin amfani da kwantena mai gudana. Matsalar ta bayyana a duk nau'ikan Docker kuma ta kasance ba a gyara ba (an gabatar, amma ba a karɓa ba tukuna, , wanda ke aiwatar da dakatarwar akwati yayin yin aiki tare da FS).
Rashin lahani yana ba da damar fitar da fayiloli daga akwati zuwa wani ɓangaren sabani na tsarin fayil ɗin tsarin runduna lokacin aiwatar da umarnin "docker cp". Ana aiwatar da cirewar fayil tare da haƙƙin tushen, wanda ke ba da damar karantawa ko rubuta kowane fayiloli a cikin mahalli, wanda ya isa ya sami ikon sarrafa tsarin runduna (misali, zaku iya sake rubutawa /etc/shadow).
Za a iya kai harin ne kawai lokacin da mai gudanarwa ya aiwatar da umarnin "docker cp" don kwafi fayiloli zuwa ko daga akwati. Don haka, maharin yana buƙatar ko ta yaya ya shawo kan mai gudanar da aikin Docker game da buƙatar yin wannan aikin kuma ya hango hanyar da aka yi amfani da ita yayin yin kwafi. A gefe guda, ana iya kai hari, alal misali, lokacin da sabis na girgije ke ba da kayan aiki don kwafin fayilolin sanyi a cikin akwati, an gina ta ta amfani da umarnin "docker cp".
Matsalar tana faruwa ne ta hanyar aibi a cikin aikace-aikacen aikin , wanda ke ƙididdige cikakkiyar hanya a cikin babban tsarin fayil bisa ga hanyar dangi, la'akari da sanya akwati. Yayin aiwatar da umarnin "docker cp", ɗan gajeren lokaci , wanda tuni aka tabbatar da hanyar, amma har yanzu ba a yi aikin ba. Tun da ana yin kwafin a cikin mahallin babban tsarin fayil na tsarin mai watsa shiri, a cikin ƙayyadadden lokaci, zaku iya sarrafa maye gurbin hanyar haɗin gwiwa tare da wata hanya kuma fara kwafin bayanai zuwa wani wuri na sabani a cikin tsarin fayil a waje da tsarin fayil ɗin. ganga.
Tun lokacin taga yanayin tseren ya faru yana da iyaka sosai a cikin shirye-shiryen Lokacin aiwatar da ayyukan kwafi daga kwantena, yana yiwuwa a cimma nasarar kai hari a ƙasa da 1% na lokuta lokacin da ake maye gurbin hanyar haɗin gwiwa ta hanyar cyclyally a cikin hanyar da aka yi amfani da ita a cikin aikin kwafin (an ci nasarar harin bayan kusan 10 seconds na ƙoƙari. don ci gaba da kwafi fayil ɗin a cikin madauki tare da umarnin "docker cp").
Ta hanyar yin aikin kwafi a cikin akwati, za ku iya cimma nasarar sake rubuta fayil ɗin maimaituwa akan tsarin runduna a cikin ƴan ƴan ɗimbin yawa. Yiwuwar kai hari saboda gaskiyar cewa lokacin yin kwafi a cikin akwati, ana amfani da manufar "chrootarchive", bisa ga tsarin archive.go yana fitar da tarihin ba a cikin tushen tushen akwati ba, amma a cikin chroot na littafin adireshi na iyaye na hanyar manufa, wanda maharin ke sarrafawa, kuma baya dakatar da aiwatar da kwantena (ana amfani da chroot azaman alamar yin amfani da yanayin tsere).
source: budenet.ru
