创建具备特权的容器
apiVersion: apps/v1
kind: Deployment
metadata:
name: cve-2021-3156-privilege-deployment
spec:
selector:
matchLabels:
app: nginx
replicas: 1
template:
metadata:
labels:
app: nginx
spec:
containers:
- name: cve-2021-3156-privilege-true
image: 172.18.8.210:5000/library/valapp/cve-2021-3156:latest
command:
- sleep
- 9999d
securityContext:
# 这里是重点
privileged: true
runAsUser: 1001
capabilities:
add:
- CAP_SYS_PTRACE
nodeSelector:
kubernetes.io/hostname: hygon-ubuntu-vm2