Difficulty: beginner
Estimated Time: 10-15 minutes

In this scenario you will learn how to block containers gaining additional user privileges, even when running as a non-root user.

Don’t stop now! The next scenario will only take about 10 minutes to complete.

Use No New Privileges flag to restrict additional access

Step 1 of 3

Step 1

Create Dockerfile: echo 'FROM benhall/strace-ubuntu:latest' >> 1_Dockerfile echo 'ADD 1_testnnp /testnnp' >> 1_Dockerfile echo 'RUN chmod u+s /testnnp' >> 1_Dockerfile echo 'CMD ["/testnnp"]' >> 1_Dockerfile

Download Command: curl -LO https://github.com/katacoda/oscon2016-docker-perf-sec/raw/master/tutorial/2_Security/3_no-new-privileges/1_testnnp && chmod +x 1_testnnp

Build: docker build -f 1_Dockerfile -t new-priv-1 .

Run: docker run -u 1000 new-priv-1

Is that the output you expected?