If set to yes, all container-generated output will be shown in the RouterOS log Veth interface to be used with the container List of environmental variables (configured under /container envs ) to be used with containerĬontainer *tar.gz tarball if the container is imported from a file Using of remote-image (similar to docker pull) functionality requires a lot of free space in main memory, 16MB SPI flash boards may use pre-build images on USB or other disk media.Ĭommand to execute inside a container (will overwrite CMD parameter) When an security expert publishes his exploit research - anyone can apply such exploit someone will build a docker image that will do the exploit AND provide Linux root shell by using root shell someone may leave permanent backdoor/vulnerability in your RouterOS system even after docker image is removed and container feature disabled if a vulnerability is injected into the primary or secondary routerboot (or vendor pre-loader), then even netinstall may not be able to fix it RequirementsĬontainer package is compatible with arm arm64 and x86 architectures. an expert with knowledge how to build exploits will be able to jailbreak/elevate to root.running a 3rd party container image on your router could open a security hole/attack vector/attack surface.if you run container, there is no security guarantee of any kind.your router is as secure as anything you run in container. if the router is compromised, containers can be used to easily install malicious software in your router and over network.once the container feature is enabled, containers can be added/configured/started/stopped/removed remotely!.you need physical access to the router to enable support for the container feature, it is disabled by default.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |