Is there a way to run a docker container as sudo, if it was build on a non sudo base-image?

Question

This might be a stupid question, but I am going to ask it anyways...

I would like to be a superuser in the container if I run docker exec -it <container> /bin/bash.

<container> is a container that is built on a fedora-base-image which seems to assign me a user with non-sudo capabilities.

Question: Is there a way to still become superuser in my new image, if it was based on such an image?

Why do I want this? I would like to run gdb attach in this container, which gives me ptrace: Operation not permitted. I already tried to do docker run --cap-add=SYS_PTRACE --security-opt seccomp=unconfined --security-opt apparmor=unconfined (compare here), which did not work. So my next guess would be to try this as super-user, as recommended in the same post.

score 1 · Accepted Answer · answered Dec 17 '19 at 16:38

with docker run you can pass the user flag.

-u, --user string                    Username or UID (format: <name|uid>[:<group|gid>])

I believe the UID of root should be 0, so I think any of -u root -u 0 -u root:root should work?

If you're building a Dockerfile you can also add USER root to your dockerfile to switch users.

score 0 · Answer 2 · answered Dec 17 '19 at 16:49

0

A quick workaround that also worked was to use a multi-stage build, start off as sudo in the first build, do RUN sudo chmod +s /usr/bin/gdb and then use COPY in the second stage to get gdb with permissions from the first stage.

answered Dec 17 '19 at 16:49

User12547645

6,955
3
38
69

Is there a way to run a docker container as sudo, if it was build on a non sudo base-image?

2 Answers2