I'm trying to disable randomization via Dockerfile:
RUN sudo echo 0 | sudo tee /proc/sys/kernel/randomize_va_space
but I get
Step 9 : RUN sudo echo 0 | sudo tee /proc/sys/kernel/randomize_va_space
---> Running in 0f69e9ac1b6e
tee: /proc/sys/kernel/randomize_va_space: Read-only file system
Any way to work around this? (I see it's saying read-only file system; any way to get around this?) If it's something which the kernel does, this means it's outside of my container scope. In that case, how am I supposed to work with gdb inside my container? Please note that my target is to work with gdb in a container because I'm experimenting with it, so I wanted a container which encapsulates gcc and gdb, which I'll use for experimentation.
ASLR (Address Space Layout Randomization) is a feature that is enabled by default on most Linux distributions.
Docker uses a technology called namespaces to provide the isolated workspace called the container. When you run a container, Docker creates a set of namespaces for that container. These namespaces provide a layer of isolation.
If there's no terminal attached, then your shell process will exit, and so the container will exit. You can stop this by adding --interactive --tty (or just -it) to your docker run ... command, which will let you type commands into the shell.
In host run:
sudo echo 0 | sudo tee /proc/sys/kernel/randomize_va_space
not in docker
Docker has syntax for modifying some of the sysctls (not via Dockerfile though) and kernel.randomize_va_space does not seem to be one of them.
Since you've said you're interested in running gcc/gdb you could disable ASLR only for these binaries with:
setarch `uname -m` -R /path/to/gcc/gdb
Also see other answers in this question.
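An added example, not part of the original answers: a shell check that shows whether ASLR is really off for a process started through a launcher such as the `setarch -R` prefix suggested above. It samples the `[stack]` mapping of two fresh processes and compares them; the function names (`stack_base`, `classify`, `aslr_state`, `describe_sysctl`, `report`) are made up for this sketch.

```shell
#!/bin/sh
# Added example: verify the effect of a per-process ASLR override.

# Print the start address of [stack] for a fresh process.
# "$@" is an optional launcher prefix; with no arguments cat runs directly.
stack_base() {
    "$@" cat /proc/self/maps 2>/dev/null |
        awk '/\[stack\]/ { split($1, a, "-"); print a[1]; exit }' || true
}

# Two equal, non-empty samples mean the layout did not move between runs.
classify() {
    if [ -z "$1" ] || [ -z "$2" ]; then echo unavailable
    elif [ "$1" = "$2" ]; then echo fixed
    else echo randomized
    fi
}

# Sample twice under the given launcher and classify the result.
# "unavailable" means the launcher itself failed, for example when the
# container's seccomp profile rejects the personality(2) call behind -R.
aslr_state() {
    classify "$(stack_base "$@")" "$(stack_base "$@")"
}

# Meaning of the kernel-wide setting (read-only inside the container).
describe_sysctl() {
    case "$1" in
        0) echo "off" ;;
        1) echo "stack/mmap/vdso randomized" ;;
        2) echo "full (also heap/brk)" ;;
        *) echo "unknown" ;;
    esac
}

report() {
    val=$(cat /proc/sys/kernel/randomize_va_space 2>/dev/null || echo "?")
    echo "kernel.randomize_va_space = $val ($(describe_sysctl "$val"))"
    echo "plain process:    $(aslr_state)"
    echo "under setarch -R: $(aslr_state setarch "$(uname -m)" -R)"
}
report
```

If the last line reports `fixed` while the plain process reports `randomized`, the per-process override works in that container and the host-wide sysctl can stay at its default.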