(→雑多なメモ) |
|||
(8 intermediate revisions by the same user not shown) | |||
Line 4: | Line 4: | ||
docker import https://downloads.openwrt.org/snapshots/targets/x86/64/openwrt-x86-64-generic-rootfs.tar.gz openwrt-x86-64-generic-rootfs | docker import https://downloads.openwrt.org/snapshots/targets/x86/64/openwrt-x86-64-generic-rootfs.tar.gz openwrt-x86-64-generic-rootfs | ||
docker images | docker images | ||
docker run -i openwrt-x86-64-generic-rootfs cat /etc/banner | docker run --rm -i openwrt-x86-64-generic-rootfs cat /etc/banner | ||
docker run -i -t openwrt-x86-64-generic-rootfs /bin/ash | docker run --rm -i -t openwrt-x86-64-generic-rootfs /bin/ash | ||
</syntaxhighlight> | </syntaxhighlight> | ||
Line 55: | Line 55: | ||
<syntaxhighlight lang="bash" enclose="div"> | <syntaxhighlight lang="bash" enclose="div"> | ||
docker exec -it openwrt | docker exec -it openwrt uci set network.lan.ipaddr='`docker inspect --format="{{ .NetworkSettings.IPAddress }}" openwrt`' | ||
docker exec -it openwrt uci commit | docker exec -it openwrt uci commit | ||
docker exec -it openwrt /etc/init.d/ | docker exec -it openwrt /etc/init.d/odhcpd disable | ||
docker exec -it openwrt /etc/init.d/dnsmasq disable | |||
docker exec -it openwrt /etc/init.d/sysntpd disable | |||
docker restart openwrt | |||
</syntaxhighlight> | </syntaxhighlight> | ||
Line 64: | Line 67: | ||
ネットワークの設定も間違いがないのがだ、IPv6 で bind しにいく。もちろん wget -4 では正常。uclient-fetch が wget の正体。 | ネットワークの設定も間違いがないのがだ、IPv6 で bind しにいく。もちろん wget -4 では正常。uclient-fetch が wget の正体。 | ||
ホストOS側で完全にIPv6を停止すれば大丈夫だが。 | |||
強引な解決法 | 強引な解決法 | ||
<syntaxhighlight lang=" | <syntaxhighlight lang="bash" enclose="div"> | ||
mv /bin/wget /bin/wget.orig | mv /bin/wget /bin/wget.orig | ||
cat <<EOF > /bin/wget | cat <<EOF > /bin/wget | ||
#/bin/ash | #/bin/ash | ||
/bin/wget.orig \$* | /bin/wget.orig -4 \$* | ||
EOF | EOF | ||
chmod +x /bin/wget | chmod +x /bin/wget | ||
</syntaxhighlight> | |||
==security== | |||
ホストで制限したほうがよさそう | |||
<syntaxhighlight lang="bash" enclose="div"> | |||
sudo sysctl -w kernel.dmesg_restrict=1 | |||
sudo sysctl -w kernel.kptr_restrict=1 | |||
sudo sysctl -w kernel.yama.ptrace_scope=0 | |||
</syntaxhighlight> | </syntaxhighlight> |
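Review bot: In the new ==security== block, `sudo sysctl -w kernel.yama.ptrace_scope=0` selects Yama's classic, unrestricted ptrace mode, so it loosens the host instead of restricting it as the sentence above the block intends. To restrict, the line should read `sudo sysctl -w kernel.yama.ptrace_scope=1` (only descendant processes may be traced), or use a higher value if no debugging is needed on the host. `sysctl -w` also changes only the running kernel, so all three settings are lost at reboot unless they are also written to a file under `/etc/sysctl.d/`.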