use without USER_NAMESPACES, firewall, hardening.
root@host$ docker run -t -i --privileged=true --cap-add=ALL -v /:/yeah -v /etc/shadow:/baby offlinehacker/nixos /bin/backdoordownloader.sh
PS: Doesn't work either!
PPS: Fully functional official NixOS container not found on docker hub ATM.
Any chance of a copy of the Dockerfile you used to build this?
As per the info in https://github.com/NixOS/nixpkgs/issues/2878, adding --privileged=true fixed my problem above.
docker run -t -i --privileged=true --cap-add=SYS_ADMIN --cap-add=SYS_RESOURCE -e "container=docker" offlinehacker/nixos /bin/init
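Added example for this thread, not code from the issue or from the offlinehacker/nixos image: a small audit over the JSON that `docker inspect` prints, flagging the settings the two commands above depend on (--privileged, broad --cap-add, and bind mounts of host paths such as / or /etc/shadow). `HostConfig.Privileged`, `HostConfig.CapAdd` and `HostConfig.Binds` are the real field names; the three container records, the list of high-risk capabilities and the list of sensitive host paths are my own constructed choices for illustration.

```python
"""Flag risky container settings in `docker inspect` output.

Added example for this thread; the records below are constructed to
resemble the command lines in the thread, not real `docker inspect` output.
"""
import json

# Capabilities that give a process inside the container a direct path to the
# host (mount namespace manipulation, module loading, raw device/ptrace access).
# Constructed list; tune to your own policy.
HIGH_RISK_CAPS = {"SYS_ADMIN", "SYS_MODULE", "SYS_PTRACE", "SYS_RAWIO",
                  "DAC_READ_SEARCH", "NET_ADMIN"}

# Host paths that should not be bind-mounted into an ordinary container.
SENSITIVE_HOST_PATHS = ("/", "/etc", "/proc", "/sys", "/dev",
                        "/var/run/docker.sock", "/run/docker.sock")


def _normalise_cap(name):
    # Docker accepts both "SYS_ADMIN" and "CAP_SYS_ADMIN"; compare on one form.
    name = name.upper()
    return name[4:] if name.startswith("CAP_") else name


def _source_path(bind):
    # Binds are "src:dst" or "src:dst:opts"; a bare name is a named volume.
    return bind.split(":", 1)[0]


def _is_sensitive(path):
    path = path.rstrip("/") or "/"
    for sensitive in SENSITIVE_HOST_PATHS:
        if path == sensitive:
            return True
        # /etc/shadow is under /etc; /etcetera is not.
        if sensitive != "/" and path.startswith(sensitive + "/"):
            return True
    return False


def audit_host_config(host_config):
    """Return a list of findings for one container's HostConfig dict."""
    findings = []
    if host_config.get("Privileged"):
        findings.append("privileged: all capabilities, default seccomp/AppArmor "
                        "profiles disabled, host devices exposed")
    caps = {_normalise_cap(c) for c in (host_config.get("CapAdd") or [])}
    if "ALL" in caps:
        findings.append("cap-add: ALL")
    for cap in sorted(caps & HIGH_RISK_CAPS):
        findings.append("cap-add: " + cap)
    for bind in host_config.get("Binds") or []:
        src = _source_path(bind)
        # Only absolute sources are host paths; named volumes are skipped.
        if src.startswith("/") and _is_sensitive(src):
            findings.append("bind-mount of sensitive host path: " + bind)
    return findings


def audit_inspect_output(inspect_json):
    """Map container name -> findings for the JSON text `docker inspect` prints."""
    return {c["Name"].lstrip("/"): audit_host_config(c.get("HostConfig", {}))
            for c in json.loads(inspect_json)}


# Constructed sample: the sarcastic command, the --privileged init command,
# and an unprivileged baseline with a named volume.
SAMPLE_INSPECT = json.dumps([
    {"Name": "/joke", "HostConfig": {"Privileged": True, "CapAdd": ["ALL"],
                                     "Binds": ["/:/yeah", "/etc/shadow:/baby"]}},
    {"Name": "/nixos-init", "HostConfig": {"Privileged": True,
                                           "CapAdd": ["SYS_ADMIN", "SYS_RESOURCE"],
                                           "Binds": None}},
    {"Name": "/baseline", "HostConfig": {"Privileged": False, "CapAdd": None,
                                         "Binds": ["data:/var/lib/app"]}},
])

if __name__ == "__main__":
    for name, findings in audit_inspect_output(SAMPLE_INSPECT).items():
        print(name + ":", "clean" if not findings else "")
        for f in findings:
            print("  -", f)
```

Against real hosts, feed it `docker inspect $(docker ps -q)`; the point of the baseline record is that SYS_RESOURCE on its own is not flagged, while SYS_ADMIN is, because the first only lifts resource limits and the second is effectively root on the host once combined with a writable mount.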
Hi, I got a segfault like below when running, and no idea how to fix it atm:
<<< NixOS Stage 2 >>>
mount: cannot remount none read-write, is write-protected
mount: /nix/store is write-protected, mounting read-only
mount: cannot mount /nix/store read-only
mount: can't find /nix/store in /etc/fstab
mkdir: cannot create directory '/dev/shm': File exists
mount: ramfs is write-protected, mounting read-only
mount: cannot mount ramfs read-only
Failed to get D-Bus connection: Unknown error -1
running activation script...
setting up /etc...
removing obsolete symlink ‘/etc/hosts.tmp’...
setfacl: /var/log/journal: Operation not supported
mount: cannot remount none read-write, is write-protected
mount: cannot remount none read-write, is write-protected
mount: cannot remount none read-write, is write-protected
hwclock: Cannot access the Hardware Clock via any known method.
hwclock: Use the --debug option to see the details of our search for an access method.
/nix/store/4c2hyclf04jfz5zyiv1w790qpapkks6q-local-cmds: line 14: /run/systemd/container: No such file or directory
starting systemd...
systemd 212 running in system mode. (+PAM -AUDIT -SELINUX +IMA +SYSVINIT -LIBCRYPTSETUP +GCRYPT +ACL +XZ -SECCOMP -APPARMOR)
Detected virtualization 'other'.
Detected architecture 'x86-64'.
Welcome to NixOS 14.10pre-git (Caterpillar)!
Set hostname to <9f3c47876e2c>.
No control group support available, not creating root group.
[ OK ] Reached target All Network Interfaces.
[ OK ] Reached target Swap.
[ OK ] Reached target Remote File Systems.
[ OK ] Reached target Local File Systems.
[ OK ] Reached target Paths.
Caught <SEGV>, dumped core as pid 305.
Freezing execution.
My docker env info below:
Client version: 1.3.2
Client API version: 1.15
Go version (client): go1.3.3
Git commit (client): 39fa2fa
OS/Arch (client): linux/amd64
Server version: 1.3.2
Server API version: 1.15
Go version (server): go1.3.3
Git commit (server): 39fa2fa