Root your host in 2 easy steps with Docker

So lets assume jmainguy is a user on your system, and he asks to be added to the docker group so he can spin up docker containers and such, seems like a fairly reasonable request. You add him to the docker group.

jmainguy then complains that he cant share data among-st his containers via -v volume mounting, selinux is stopping him. He wanted to mount some gluster storage shared between the containers, a fairly reasonable request. For some reason you turn off selinux so he can volume mount. (dont turn off selinux).

You have now given jmainguy root to the box.

I did not feel like becoming root on my laptop, so I updated it via the following as my jmainguy user in the docker group.

docker run -v /:/home -ti fedora /bin/bash

#This mounted / from the host, to /home on the container, and then dropped jmainguy into the container running bash (as root on the container).

as root, I ran chroot /home #This makes shell act like / starts at /home basically.

then because I hate /bin/sh, I ran /bin/bash

Hooray, I am full root on my laptop and can do as I please. Thankfully I just wanted to upgrade it

dnf upgrade.

And as root on the container looking at dnf history, it shows this.

[root@Jmainguy-Fedora jmainguy]# dnf history

Last metadata expiration check performed 2:03:46 ago on Fri May 8 20:56:52 2015.

ID | Login user | Date a | Action | Altere


27 | System | 2015-05-08 22:59 | Update | 83

26 | Jonathan … | 2015-05-05 16:10 | Update | 6

25 | Jonathan … | 2015-05-04 08:48 | E, I, U | 131 EE

As you can see, ID2 27, the user was “System ” and updated 83 packages.

tldr; Do not turn off selinux

Credit for inspiring me to try this. I was unable to duplicate his trick of copying /bin/sh to the host and using that to become root, but it relied on volume mounting as this does, so pretty much the same thing.