backspace

Introduction If you are familiar with docker then you are going to love this little hack. UNC  is a tool to demonstrate how to launch containers without being root. Getting the code and compiling it git clone https://github.com/LK4D4/unc.git cd unc mkdir -p gopath/src/ ln -s ../.. gopath/src/unc export GOPATH=$PWD/gopath cd gopath/src/unc go get go build cd unet go build cd .. sudo cp unc unet/unet /usr/local/bin/ sudo chmod u+s /usr/local/bin/unet What is SetUID for? "unet" is a tool used "unc" that creates veth pairs and assign one of them to container. Root user (via setuid) is needed to be able to assign a network interface for the user container. Creating some minimal root filesystems sudo dnf install busybox # as regular unprivileged user type mkdir -p roots/busybox1/{bin,sbin,proc,dev,etc} cp /sbin/busybox roots/busybox1/sbin/ echo "root:x:0:0:root:/root:/bin/bash" > roots/busybox1/etc/passwd echo "r