(→雑多なメモ) |
|||
(11 intermediate revisions by the same user not shown) | |||
Line 4: | Line 4: | ||
docker import https://downloads.openwrt.org/snapshots/targets/x86/64/openwrt-x86-64-generic-rootfs.tar.gz openwrt-x86-64-generic-rootfs | docker import https://downloads.openwrt.org/snapshots/targets/x86/64/openwrt-x86-64-generic-rootfs.tar.gz openwrt-x86-64-generic-rootfs | ||
docker images | docker images | ||
docker run -i openwrt-x86-64-generic-rootfs cat /etc/banner | docker run --rm -i openwrt-x86-64-generic-rootfs cat /etc/banner | ||
docker run -i -t openwrt-x86-64-generic-rootfs /bin/ash | docker run --rm -i -t openwrt-x86-64-generic-rootfs /bin/ash | ||
</syntaxhighlight> | </syntaxhighlight> | ||
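Review bot: The `docker import https://downloads.openwrt.org/snapshots/...` line on the new side pulls a mutable snapshot tarball straight into an image with no integrity check. The image therefore differs from day to day and nothing ties it to a known build. I would download the tarball first, check it against the `sha256sums` file published in the same directory (and that file's signature), and then run `docker import ./openwrt-x86-64-generic-rootfs.tar.gz openwrt-x86-64-generic-rootfs` on the local copy. Using a release directory rather than `snapshots` would also match the `18.06.1` tag used further down the page. The code block this hunk belongs to starts above the visible lines.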
Line 35: | Line 35: | ||
option ipaddr '127.0.0.1' | option ipaddr '127.0.0.1' | ||
option netmask '255.0.0.0' | option netmask '255.0.0.0' | ||
config interface 'lan' | config interface 'lan' | ||
Line 45: | Line 42: | ||
option ipaddr '172.17.0.2' | option ipaddr '172.17.0.2' | ||
option netmask '255.255.0.0' | option netmask '255.255.0.0' | ||
option gateway '172.17.0.1' | |||
option gateway '172.17.0.1' | option delegate '0' | ||
</syntaxhighlight> | </syntaxhighlight> | ||
Line 52: | Line 49: | ||
<syntaxhighlight lang="bash" enclose="div"> | <syntaxhighlight lang="bash" enclose="div"> | ||
docker build -t openwrt-18.06.1-x86-64-generic-rootfs:latest . | docker build -t openwrt-18.06.1-x86-64-generic-rootfs:latest . | ||
docker run -d --name openwrt --device /dev/kmsg --tmpfs /tmp --cap-add NET_ADMIN -p | docker run -d --name openwrt --device /dev/kmsg --tmpfs /tmp --cap-add NET_ADMIN -p 8822:22 -p 8880:80 openwrt-18.06.1-x86-64-generic-rootfs:latest | ||
docker exec -it openwrt /bin/ash | docker exec -it openwrt /bin/ash | ||
</syntaxhighlight> | </syntaxhighlight> | ||
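Review bot: The completed `docker run` line publishes SSH and the web UI with `-p 8822:22 -p 8880:80`, which Docker binds on every host address by default. Combined with `--cap-add NET_ADMIN` and `--device /dev/kmsg`, that puts a privileged container's login services on the network. A freshly imported OpenWrt rootfs typically has no root password until one is set, and the Dockerfile that could change this is not visible here, so I would keep the ports on loopback: `-p 127.0.0.1:8822:22 -p 127.0.0.1:8880:80`. A comment telling the reader to run `passwd` inside the container before widening the bind would also help.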
Line 58: | Line 55: | ||
<syntaxhighlight lang="bash" enclose="div"> | <syntaxhighlight lang="bash" enclose="div"> | ||
docker exec -it openwrt | docker exec -it openwrt uci set network.lan.ipaddr='`docker inspect --format="{{ .NetworkSettings.IPAddress }}" openwrt`' | ||
docker exec -it openwrt uci commit | docker exec -it openwrt uci commit | ||
docker exec -it openwrt /etc/init.d/ | docker exec -it openwrt /etc/init.d/odhcpd disable | ||
docker exec -it openwrt /etc/init.d/dnsmasq disable | |||
docker exec -it openwrt /etc/init.d/sysntpd disable | |||
docker restart openwrt | |||
</syntaxhighlight> | </syntaxhighlight> | ||
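Review bot: In the new `uci set network.lan.ipaddr='...'` line the backtick substitution sits inside single quotes, so the host shell never runs `docker inspect`. The literal backtick text is passed to `uci` as the address, which leaves `network.lan.ipaddr` invalid after `uci commit` and the restart. Let the host shell expand it instead: `docker exec openwrt uci set network.lan.ipaddr="$(docker inspect --format='{{ .NetworkSettings.IPAddress }}' openwrt)"`. Dropping `-it` from these one-shot `docker exec` calls also lets the block run from a script without a TTY.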
Line 67: | Line 67: | ||
ネットワークの設定も間違いがないのがだ、IPv6 で bind しにいく。もちろん wget -4 では正常。uclient-fetch が wget の正体。 | ネットワークの設定も間違いがないのがだ、IPv6 で bind しにいく。もちろん wget -4 では正常。uclient-fetch が wget の正体。 | ||
ホストOS側で完全にIPv6を停止すれば大丈夫だが。 | |||
強引な解決法 | 強引な解決法 | ||
<syntaxhighlight lang=" | <syntaxhighlight lang="bash" enclose="div"> | ||
mv /bin/wget /bin/wget.orig | mv /bin/wget /bin/wget.orig | ||
cat <<EOF > /bin/wget | cat <<EOF > /bin/wget | ||
#/bin/ash | #/bin/ash | ||
/bin/wget.orig \$* | /bin/wget.orig -4 \$* | ||
EOF | EOF | ||
chmod +x /bin/wget | chmod +x /bin/wget | ||
</syntaxhighlight> | |||
==security== | |||
ホストで制限したほうがよさそう | |||
<syntaxhighlight lang="bash" enclose="div"> | |||
sudo sysctl -w kernel.dmesg_restrict=1 | |||
sudo sysctl -w kernel.kptr_restrict=1 | |||
sudo sysctl -w kernel.yama.ptrace_scope=0 | |||
</syntaxhighlight> | </syntaxhighlight> |
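Review bot: In the new `==security==` block, `sudo sysctl -w kernel.yama.ptrace_scope=0` selects the most permissive Yama mode (classic ptrace rules), which contradicts the heading's intent of restricting the host and the two hardening lines above it. I would use `sudo sysctl -w kernel.yama.ptrace_scope=1` or higher. Note also that `sysctl -w` does not survive a reboot, so the three keys belong in a file under `/etc/sysctl.d/`. Separately, the wget wrapper in the same hunk writes `#/bin/ash`, which is a comment rather than a shebang, and passes `\$*` unquoted so arguments containing spaces are split. `#!/bin/ash` and `/bin/wget.orig -4 "\$@"` fix both.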