security - Execute host commands from within a docker container -

-

i'm looking way user able execute limited set of commands on host, while accessing containers/browser. goal prevent need ssh'ing host run commands make start, make stop, etc. these make commands execute series of docker-compose commands , needed in dev.

the 2 possible ways in can think of are:

  • via cloud9 terminal inside browser (we'll using it). default terminal accesses container of course.
  • via custom mini webapp (e.g. node.js/express) buttons map commands. easy if running on host itself, want keep code containers.

although might not best practice still possible control host inside container. if running docker-compose commands can bind mount docker socket using -v /var/run/docker.sock:/var/run/docker.sock on ubuntu. if want use other system tools have bind mount required volumes using -v gets tricky , tedious when want use system bins use /lib.*.so files.

if need use sudo commands don't forget add --privileged flag when running container


Comments

Post a Comment

Popular posts from this blog

python - jinja2: TemplateSyntaxError: expected token ',', got 'string' -

-
i new jinja2 , having issue using python regular expression (re). in following code bold lines have error string in them. {% block content %} <div class="container"> {% l in lines %} {% if re.search(r"error", l) %} {# <<< throws error #} <b> {{ l }} </b> {% else %} {{ l }} <hr> {% endif %} {% endfor %} </div> {% endblock %} the re.search above throws following error: jinja2.exceptions.templatesyntaxerror templatesyntaxerror: expected token ',', got 'string' raw python code not supported in jinja2 template syntax. {% if re.search(r"error", l) %} replace line with {% if "error" in l %} can fix problem. if logical condition more complicated, should consider defining own custom filters (which can call python code) or complicated things in view layer. go check global namespace .
Read more

node.js - NodeJS remote terminal to Dropbear OpenWRT-Server -

-
i wandering whether there valid solution have remote terminal openwrt-box out of nodejs-app? connecting terminal works: ssh -i ~/.mykeys/id_rsa root@192.168.178.39 busybox v1.23.2 (2015-04-22 23:25:48 utc) built-in shell (ash) root@openwrt:~# the only interactive ssh solution nodejs doesn't interactive part described in readme.md following: var client = require('ssh2').client; var conn = new client(); conn.on('ready', function() { console.log('client :: ready'); conn.shell(function(err, stream) { if (err) throw err; stream.on('close', function() { console.log('stream :: close'); conn.end(); }).on('data', function(data) { console.log('stdout: ' + data); }).stderr.on('data', function(data) { console.log('stderr: ' + data); }); stream.end('ls -l\nexit\n'); }); }).connect({ host: '192.168.100.100', port: 22, username...
Read more

Qt4: how to send QString inside a struct via QSharedMemory -

-
i have struct struct control_data{ int column_number; qstring cell; }; i need send thread of qsharememory. read can't because qstring contains pointers inside. other ways? you have serialize struct byte array. can convert qstring const char* this: mystring.tostdstring().c_str(); but serializing qstring should work. the first step serialize struct qdatastream using qt, example here . then once struct can read , written can pass shared memory. a complete example of using qsharedmemory can found here . here relevant code: // first, test whether shared memory segment attached process. // if so, detach if (sharedmem.isattached()) { sharedmem.detach(); } ... qbuffer buffer; buffer.open( qbuffer::readwrite ); qdatastream out( &buffer ); out << youstruct; int size = buffer.size(); // size of int + size of qstring in bytes if ( !sharedmem.create( size ) ) { return; } // write shared memory sharedmem.lock(); char *to = (char*...
Read more