
Can we mmap /dev/mem to supply expected output for dmidecode inside a container

The tool dmidecode relies on /dev/mem. However, most Docker containers do not have /dev/mem attached during container spawning. Therefore, most containers do not have /dev/mem. mknod can create the character special file /dev/mem inside the container. Furthermore, I can dump my computer's SMBIOS into a binary file. I also did a quick scan on Google and saw that mmap is possible between a special character file and a normal file.

Can dmidecode inside the container be fooled in this way? I ask to better understand the context of this idea, although the core ingredients seem to be all present.

So the question is: Can we hijack the container's /dev/mem by feeding it with a binary dump of the host's SMBIOS? Thank you.

It looks like I misread your question. I'm still not sure why you're looking to mmap, though, because you can accomplish what I think you're asking without that.

That is, if I create a dump of /dev/mem on my host:

sudo dd if=/dev/mem of=/tmp/mem.dump

Then I can bind mount that into a container:

docker run -it --rm -v /tmp/mem.dump:/dev/mem alpine sh

And run something like dmidecode inside the container:

/ # dmidecode
# dmidecode 3.2
Scanning /dev/mem for entry point.
SMBIOS 2.7 present.
90 structures occupying 4101 bytes.
Table at 0x000EC470.

Handle 0xDA00, DMI type 218, 251 bytes
...

And in fact you can just copy the file into place:

/ # dmidecode
# dmidecode 3.2
Scanning /dev/mem for entry point.
/dev/mem: No such file or directory
/ # cp /tmp/mem.dump /dev/mem
/ # dmidecode
# dmidecode 3.2
Scanning /dev/mem for entry point.
SMBIOS 2.7 present.
90 structures occupying 4101 bytes.
Table at 0x000EC470.

Handle 0xDA00, DMI type 218, 251 bytes
...

You map devices into a container using the --device option to docker run. So a first stab at getting dmidecode to work in a container would look something like:

docker run -it --rm --device /dev/mem alpine sh

But this will fail:

/ # dmidecode
# dmidecode 3.2
Scanning /dev/mem for entry point.
/dev/mem: Operation not permitted

Access to /dev/mem is a privileged operation, and by default Docker restricts the privileges available to a container for reasons of security. You can disable those restrictions by passing the --privileged flag:

docker run -it --rm --device /dev/mem --privileged alpine sh

With the addition of --privileged, dmidecode works as expected:

/ # dmidecode
# dmidecode 3.2
Getting SMBIOS data from sysfs.
SMBIOS 2.7 present.
90 structures occupying 4101 bytes.
Table at 0x000EC470.

Handle 0xDA00, DMI type 218, 251 bytes
OEM-specific Type
...
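
Why a plain file in place of /dev/mem is enough for the "Scanning /dev/mem for entry point" step, as an added example that is not part of the original answer: the scan only reads fixed offsets, so any file holding a valid entry point at those offsets is accepted. The sketch below handles only the 32-bit `_SM_` entry point; the function names are hypothetical, and the sample dump is constructed (entry point placed at an arbitrary offset) with the values from the output above.

```python
import struct

SCAN_START, SCAN_END = 0xF0000, 0x100000  # legacy BIOS area searched for the anchor
EPS_LEN = 0x1F                            # size of the 32-bit entry point structure

def checksum_ok(buf):
    # SMBIOS checksums are valid when all covered bytes sum to 0 modulo 256.
    return sum(buf) & 0xFF == 0

def find_smbios_entry(dump):
    """Return a dict describing the 32-bit SMBIOS entry point in dump, or None."""
    limit = min(SCAN_END, len(dump))
    for off in range(SCAN_START, limit - EPS_LEN + 1, 16):  # 16-byte aligned anchors
        if dump[off:off + 4] != b"_SM_":
            continue
        length = dump[off + 5]
        eps = dump[off:off + length]
        if length < EPS_LEN or len(eps) < length or not checksum_ok(eps):
            continue
        # The intermediate "_DMI_" block carries its own checksum over 0x10..0x1E.
        if eps[0x10:0x15] != b"_DMI_" or not checksum_ok(eps[0x10:0x1F]):
            continue
        table_len, table_addr, count = struct.unpack_from("<HIH", eps, 0x16)
        return {"offset": off, "version": (eps[6], eps[7]), "table_addr": table_addr,
                "table_len": table_len, "structures": count,
                # A truncated dump can hold the entry point but not the table itself.
                "table_in_dump": table_addr + table_len <= len(dump)}
    return None

def build_sample_dump():
    """Constructed 1 MiB dump; field values mirror the dmidecode output above."""
    eps = bytearray(EPS_LEN)
    eps[0:4] = b"_SM_"
    eps[5] = EPS_LEN
    eps[6], eps[7] = 2, 7                                # SMBIOS 2.7
    eps[0x10:0x15] = b"_DMI_"
    struct.pack_into("<HIH", eps, 0x16, 4101, 0x000EC470, 90)
    eps[0x15] = -sum(eps[0x10:0x1F]) & 0xFF              # intermediate checksum
    eps[4] = -sum(eps) & 0xFF                            # checksum over whole structure
    dump = bytearray(0x100000)
    dump[0xF0480:0xF0480 + EPS_LEN] = eps                # arbitrary aligned offset
    return bytes(dump)

if __name__ == "__main__":
    info = find_smbios_entry(build_sample_dump())
    print("SMBIOS %d.%d present." % info["version"])
    print("%d structures occupying %d bytes." % (info["structures"], info["table_len"]))
    print("Table at 0x%08X." % info["table_addr"])
```

Run against a real dump by passing the file's bytes to `find_smbios_entry`; a `None` result or `table_in_dump` being false means the dump was cut short of the region dmidecode reads.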
