diff options
author | Karel Kočí <cynerd@email.cz> | 2018-12-02 21:09:06 +0100 |
---|---|---|
committer | Karel Kočí <cynerd@email.cz> | 2018-12-02 21:09:06 +0100 |
commit | 08afc3a98b7385ea2439dec1aac0f41c4c14c408 (patch) | |
tree | a7bda6afb61a8d9da4ab0aff7ac993e823661578 /README.md | |
parent | 5a7d5fa43536484508aad9d9553f64a33212311b (diff) | |
download | uroot-9b45e8ddbdbd7f7fc1319d6c4a50df04d799263e.tar.gz uroot-9b45e8ddbdbd7f7fc1319d6c4a50df04d799263e.tar.bz2 uroot-9b45e8ddbdbd7f7fc1319d6c4a50df04d799263e.zip |
Update to working versionv0.1
Still way off from something usable by someone else but it already works
for me.
Diffstat (limited to 'README.md')
-rw-r--r-- | README.md | 51 |
1 files changed, 51 insertions, 0 deletions
diff --git a/README.md b/README.md new file mode 100644 index 0000000..b456289 --- /dev/null +++ b/README.md @@ -0,0 +1,51 @@ +uroot (User's root) +=================== +Tool that uses Linux namespaces and resource separation to provide root like +functionality even under unprivileged user on Linux systems. This is more commonly +known as unprivileged containers. Difference between this project and full fledge +containerization solution is that this tools tries to provide less separation to +allow more versatile uses. See example usages if you are not sure what this can +do. There is also section with limitations stating what you can't do with this +tool. + +In general this tools allows you to imaginary become root. This has a lot of use +cases outside of just creating full containers. You can use it to control some bad +behaving program without fully separating it from host system. + +System setup +------------ +TODO (describe shadow requirements) + +Limitations of this tools +------------------------- +This tool is not perfect as well as technology it uses is not perfect. There can +be bugs and there are for sure unimplemented features. This section provides you +with information about some known problems that we are unable to solve because of +limitations of used technology. Please check this list before you report problem +or even before you use tool it self. + +### Block devices are no go +Unfortunately current implementation of namespaces, primarily mount points +unshare, does not support usage of block devices subsystem. That is kernel +subsystem handling access to storage devices. Most of kernel file system drivers +are implemented on top of block devices and because of that non of those file +systems can be used. This means that you can modify (mount) only already mounted +file systems or system file systems such as tmpfs or procfs. Allowing user access +to `/dev` device is not enough to fix this issue. This also means that you are not +able to use FUSE file systems. + +Example usages +-------------- +On top of making you look cool that you are able to get root on system you should +not (those hacking skills) this tool also have some real live uses. Some of them +can be clear cut but some usages might not be immediately clear. That is the main +reason why this section exists. It also should give you hints to common traps. + +### chroot +TODO + +### Single killable process +TODO + +### Network isolation +TODO |