I'm looking for a rkt command that is equivalent to the following docker command:
docker run nginx:1.11.5 find / -perm +6000 -type f -exec ls -ld {} \; 2> /dev/null
The docker command creates a new container from nginx:1.11.5, executes find / -perm +6000 -type f -exec ls -ld {} \; 2> /dev/null within the container (which prints all binaries with setuid and setgid permissions to stdout), and then kills the container. The results look something like this:
root@localhost:~# docker run nginx:1.11.5 find / -perm +6000 -type f -exec ls -ld {} \; 2> /dev/null
-rwsr-xr-x 1 root root 40168 Nov 18 2015 /bin/su
-rwsr-xr-x 1 root root 40000 Mar 29 2015 /bin/mount
-rwsr-xr-x 1 root root 27416 Mar 29 2015 /bin/umount
-rwsr-xr-x 1 root root 61392 Oct 28 2014 /bin/ping6
-rwsr-xr-x 1 root root 70576 Oct 28 2014 /bin/ping
-rwsr-xr-x 1 root root 53616 Nov 18 2015 /usr/bin/chfn
-rwsr-xr-x 1 root root 39912 Nov 18 2015 /usr/bin/newgrp
-rwxr-sr-x 1 root tty 27232 Mar 29 2015 /usr/bin/wall
-rwsr-xr-x 1 root root 54192 Nov 18 2015 /usr/bin/passwd
-rwxr-sr-x 1 root shadow 22744 Nov 18 2015 /usr/bin/expiry
-rwsr-xr-x 1 root root 75376 Nov 18 2015 /usr/bin/gpasswd
-rwsr-xr-x 1 root root 44464 Nov 18 2015 /usr/bin/chsh
-rwxr-sr-x 1 root shadow 62272 Nov 18 2015 /usr/bin/chage
-rwxr-sr-x 1 root shadow 35408 Jan 28 2016 /sbin/unix_chkpwd
This is what I've tried so far:
rkt run --insecure-options=image --net=host docker://nginx find / -perm +6000 -type f -exec ls -ld {} \; 2> /dev/null
and
rkt run --insecure-options=image --net=host docker://nginx --exec find / -perm +6000 -type f -exec ls -ld {} \; 2> /dev/null
both of which return no output.
I can acquire the information I want by overriding the initial command with --exec /bin/bash and adding the --interactive flag like so:
root@localhost:~# rkt run --interactive --insecure-options=image --net=host docker://nginx --exec /bin/bash
root@rkt-b5452809-0253-4da4-8026-d678c9bf7929:/# find / -perm +6000 -type f -exec ls -ld {} \; 2> /dev/null
-rwxr-sr-x 1 root shadow 35408 Jan 28 2016 /sbin/unix_chkpwd
-rwsr-xr-x 1 root root 40000 Mar 29 2015 /bin/mount
-rwsr-xr-x 1 root root 61392 Oct 28 2014 /bin/ping6
-rwsr-xr-x 1 root root 40168 Nov 18 2015 /bin/su
-rwsr-xr-x 1 root root 27416 Mar 29 2015 /bin/umount
-rwsr-xr-x 1 root root 70576 Oct 28 2014 /bin/ping
-rwxr-sr-x 1 root tty 27232 Mar 29 2015 /usr/bin/wall
-rwsr-xr-x 1 root root 75376 Nov 18 2015 /usr/bin/gpasswd
-rwsr-xr-x 1 root root 44464 Nov 18 2015 /usr/bin/chsh
-rwsr-xr-x 1 root root 53616 Nov 18 2015 /usr/bin/chfn
-rwsr-xr-x 1 root root 54192 Nov 18 2015 /usr/bin/passwd
-rwxr-sr-x 1 root shadow 62272 Nov 18 2015 /usr/bin/chage
-rwxr-sr-x 1 root shadow 22744 Nov 18 2015 /usr/bin/expiry
-rwsr-xr-x 1 root root 39912 Nov 18 2015 /usr/bin/newgrp
root@rkt-b5452809-0253-4da4-8026-d678c9bf7929:/# exit
exit
root@localhost:~#
How would I do this in one command?
You need to use -- to pass arguments to an image.
root@localhost:~# rkt run --insecure-options=image --net=host docker://nginx --exec find -- / -perm +6000 -type f -exec ls -ld {} \; 2> /dev/null
[ 4356.161333] nginx[5]: -rwxr-sr-x 1 root shadow 62272 Feb 24 08:09 /usr/bin/chage
[ 4356.163359] nginx[5]: -rwsr-xr-x 1 root root 53616 Feb 24 08:09 /usr/bin/chfn
[ 4356.165202] nginx[5]: -rwsr-xr-x 1 root root 44464 Feb 24 08:09 /usr/bin/chsh
[ 4356.167506] nginx[5]: -rwxr-sr-x 1 root shadow 22744 Feb 24 08:09 /usr/bin/expiry
[ 4356.169553] nginx[5]: -rwsr-xr-x 1 root root 75376 Feb 24 08:09 /usr/bin/gpasswd
[ 4356.171651] nginx[5]: -rwsr-xr-x 1 root root 39912 Feb 24 08:09 /usr/bin/newgrp
[ 4356.173452] nginx[5]: -rwsr-xr-x 1 root root 54192 Feb 24 08:09 /usr/bin/passwd
[ 4356.175704] nginx[5]: -rwxr-sr-x 1 root tty 27232 Mar 29 2015 /usr/bin/wall
[ 4356.229841] nginx[5]: -rwsr-xr-x 1 root root 40000 Mar 29 2015 /bin/mount
[ 4356.231914] nginx[5]: -rwsr-xr-x 1 root root 70576 Oct 28 2014 /bin/ping
[ 4356.234003] nginx[5]: -rwsr-xr-x 1 root root 61392 Oct 28 2014 /bin/ping6
[ 4356.235932] nginx[5]: -rwsr-xr-x 1 root root 40168 Feb 24 08:09 /bin/su
[ 4356.237872] nginx[5]: -rwsr-xr-x 1 root root 27416 Mar 29 2015 /bin/umount
[ 4356.250513] nginx[5]: /usr/bin/find: `/proc/5/task/5/fd/5': No such file or directory
[ 4356.250812] nginx[5]: /usr/bin/find: `/proc/5/task/5/fdinfo/5': No such file or directory
[ 4356.251120] nginx[5]: /usr/bin/find: `/proc/5/fd/5': No such file or directory
[ 4356.251355] nginx[5]: /usr/bin/find: `/proc/5/fdinfo/5': No such file or directory
[ 4356.254186] nginx[5]: -rwxr-sr-x 1 root shadow 35408 Nov 12 07:43 /sbin/unix_chkpwd
See https://coreos.com/rkt/docs/latest/subcommands/run.html#passing-arguments for more information.