A vulnerability in Docker that allows escaping from a container

A vulnerability (CVE-2018-15664) has been identified in Docker, the toolkit for managing isolated Linux containers. Under a certain combination of circumstances it allows access to the host environment from a container, provided the attacker can run their own images on the system or has access to a running container. The problem affects all versions of Docker and remains unfixed (a patch that pauses the container while file system operations are performed has been proposed but not yet accepted).

The vulnerability allows files to be extracted from a container into an arbitrary part of the host system's file system while the "docker cp" command is being executed. The extraction is performed with root privileges, which makes it possible to read or write any file in the host environment, and that is enough to gain control of the host system (for example, /etc/shadow can be overwritten).

The attack can only be carried out while an administrator is running the "docker cp" command to copy files into or out of the container. The attacker therefore has to somehow convince the Docker administrator that this operation is necessary and predict the path used for the copy. On the other hand, the attack can be carried out, for example, when cloud services offer tools for copying configuration files into a container that are built on top of the "docker cp" command.

The problem is caused by a peculiarity in how the FollowSymlinkInScope function is used; it computes the final path in the main file system from a relative path, taking the container's placement into account. While the "docker cp" command is running, a short-lived race condition arises in which the path has already been checked but the operation has not yet been performed. Since the copy is carried out in the context of the host system's main file system, within that window the symbolic link can be replaced with a different path and the data copied into an arbitrary area of the file system outside the container.

Because the window for triggering the race condition is very narrow, the prepared prototype exploit, when copying out of the container, achieved a successful attack in less than 1% of cases while cyclically swapping the symbolic link in the path used for the copy (a successful attack took roughly 10 seconds of repeatedly copying the file in a loop with the "docker cp" command).

When copying into the container, a repeatable attack that overwrites a file on the host system can be achieved in a few iterations. The attack is possible because copying into a container uses the "chrootarchive" concept, under which the archive.go process extracts the archive not in a chroot of the container's root but in a chroot of the parent directory of the target path, which is controlled by the attacker, and it does not stop the container's execution (the chroot is used as a flag for exploiting the race condition).
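The check-then-use gap described above, reduced to a stand-alone Go program. This is an added example, not Docker's code: the function names (ResolveInScope, RacyRead, OpenInScope, Scenario) are invented for the illustration, the directory layout is constructed in a temporary directory, and the scoped opener relies on Linux openat(2) through the syscall package. RacyRead validates a path the way a FollowSymlinkInScope-style helper does and then opens it by name, so a directory component swapped for a symlink in between is silently followed; OpenInScope walks the same path component by component from a descriptor for the root with O_NOFOLLOW, so the swap produces an error instead of an escape. The same principle applies to the copy-in direction.

```go
package main

import (
	"fmt"
	"io"
	"os"
	"path/filepath"
	"strings"
	"syscall"
)

// ResolveInScope is a simplified stand-in for a FollowSymlinkInScope-style check:
// follow symlinks beneath root and reject a result outside it. It hands back a plain
// path, so a component can still be swapped for a symlink before that path is used.
func ResolveInScope(root, rel string) (string, error) {
	rootAbs, err := filepath.EvalSymlinks(root)
	if err != nil {
		return "", err
	}
	resolved, err := filepath.EvalSymlinks(filepath.Join(rootAbs, rel))
	if err != nil {
		return "", err
	}
	if !strings.HasPrefix(resolved+"/", rootAbs+"/") {
		return "", fmt.Errorf("%q resolves outside %q", rel, root)
	}
	return resolved, nil
}

// RacyRead is the check-then-use pattern: validate, then open by name. The between
// callback stands in for whatever happens inside the window between the two steps.
func RacyRead(root, rel string, between func()) ([]byte, error) {
	p, err := ResolveInScope(root, rel)
	if err != nil {
		return nil, err
	}
	between()
	return os.ReadFile(p) // re-walks the path and follows any symlink now present
}

// OpenInScope closes the window: hold a descriptor for root and walk rel one component
// at a time with openat(2) and O_NOFOLLOW, so no symlink in the path is ever followed.
func OpenInScope(root, rel string) (*os.File, error) {
	clean := filepath.Clean("/" + rel) // "/.." collapses to "/", so ".." cannot climb
	fd, err := syscall.Open(root, syscall.O_RDONLY|syscall.O_DIRECTORY|syscall.O_CLOEXEC, 0)
	if err != nil {
		return nil, err
	}
	parts := strings.Split(clean[1:], "/") // an empty rel yields "" and fails with ENOENT below
	for i, part := range parts {
		flags := syscall.O_RDONLY | syscall.O_NOFOLLOW | syscall.O_CLOEXEC
		if i < len(parts)-1 {
			flags |= syscall.O_DIRECTORY
		}
		next, err := syscall.Openat(fd, part, flags, 0)
		syscall.Close(fd)
		if err != nil {
			return nil, fmt.Errorf("component %q of %q: %w", part, rel, err)
		}
		fd = next
	}
	return os.NewFile(uintptr(fd), filepath.Join(root, rel)), nil
}

// Scenario builds a constructed, throw-away layout (a fake container rootfs beside a
// fake host directory) and reports what each reader sees once "etc" is swapped.
func Scenario() (racy string, scopedErr error, legit string, err error) {
	tmp, err := os.MkdirTemp("", "cp-race")
	if err != nil {
		return
	}
	defer os.RemoveAll(tmp)
	rootfs, host := filepath.Join(tmp, "rootfs"), filepath.Join(tmp, "host")
	os.MkdirAll(filepath.Join(rootfs, "etc"), 0o755)
	os.MkdirAll(host, 0o755)
	os.WriteFile(filepath.Join(rootfs, "etc", "secret"), []byte("container data"), 0o644)
	os.WriteFile(filepath.Join(host, "secret"), []byte("HOST FILE"), 0o644)
	f, err := OpenInScope(rootfs, "etc/secret") // scoped open on the untouched tree
	if err != nil {
		return
	}
	b, _ := io.ReadAll(f)
	f.Close()
	legit = string(b)
	swap := func() { // what a process controlling the rootfs can do inside the window
		os.Rename(filepath.Join(rootfs, "etc"), filepath.Join(rootfs, "etc.old"))
		os.Symlink(host, filepath.Join(rootfs, "etc"))
	}
	if b, err = RacyRead(rootfs, "etc/secret", swap); err != nil {
		return
	}
	racy = string(b)
	_, scopedErr = OpenInScope(rootfs, "etc/secret")
	return
}

func main() {
	fmt.Println(Scenario())
}
```

Running it prints the container file contents for the scoped open before the swap, the host file contents for the check-then-open read after the swap, and an error for the scoped open after the swap. Holding a descriptor and refusing to follow links is the same idea as pausing the container while the copy runs: both remove the attacker's ability to change the path between the check and the use.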

Source: opennet.ru
