shc
When in a Docker environment, -H does not work!
I use SHC 4.0.3 in docker (centos:7, debian:buster-slim, ubuntu:16.04), for example:
docker pull centos:7
docker run -it centos:7 bash
[root@3f12d91619c6 ~]# yum install make gcc
[root@3f12d91619c6 ~]# ./configure && make && make install
[root@3f12d91619c6 ~]# shc -H -rf a.sh -o a
[root@3f12d91619c6 ~]# ./a
just exit!!!
[root@3f12d91619c6 ~]# cat a.sh
#!/bin/bash
echo "Hello World!"
but when I do this on the host machine:
[root@dcos1 ~]# shc -H -rf a.sh -o a
[root@dcos1 ~]# ./a
Operation not permitted
Killed
[root@dcos1 ~]# sudo ./a
Hello World!
It works! And I'm root, so why must I run it with "sudo"?
Can someone help me? Thanks!
With Docker this cannot work in principle. The parameter "-H" of SHC establishes various security mechanisms to prevent attacks. Among other things, the syscall ptrace is needed so that the program can log itself, which automatically blocks debuggers and similar programs. Furthermore, a seccomp-based filter is applied, which is prevented by the Docker sandbox as well as the previous ptrace syscall. And that automatically kills the program. I use Debian myself and have no problems with these parameters of SHC. No matter if the program is started as root or only with user rights. Which Linux distribution runs on the host? With CentOS, the default SELinux might have blocked something, too. Otherwise it should work.
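The reply above attributes the failure to the container sandbox restricting ptrace and seccomp. The following diagnostic is an added example, not part of shc or of the original thread: it reads a `/proc/<pid>/status` dump and reports the seccomp mode and whether CAP_SYS_PTRACE is in the effective set, as indicators of confinement. The function names and sample dumps are constructed here, and it is an assumption that these two fields are the relevant ones; the script does not replicate shc's own checks.

```shell
#!/bin/sh
# Added diagnostic, not part of shc: reads /proc/<pid>/status text on stdin and
# reports the seccomp mode and whether CAP_SYS_PTRACE is in the effective set.

CAP_SYS_PTRACE=19   # capability bit number from linux/capability.h

# Prints disabled|strict|filter|unknown for the "Seccomp:" field.
# Exact field match so that "Seccomp_filters:" on newer kernels is ignored.
seccomp_mode() {
    case "$(awk '$1 == "Seccomp:" {print $2}')" in
        0) echo disabled ;;
        1) echo strict ;;
        2) echo filter ;;
        *) echo unknown ;;
    esac
}

# Returns 0 if capability bit $1 is set in the "CapEff:" hex mask, 2 if absent.
has_cap() {
    capeff=$(awk '$1 == "CapEff:" {print $2}')
    [ -n "$capeff" ] || return 2
    [ $(( (0x$capeff >> $1) & 1 )) -eq 1 ]
}

# Summarises both checks for one status dump passed as $1.
sandbox_report() {
    mode=$(printf '%s\n' "$1" | seccomp_mode)
    if printf '%s\n' "$1" | has_cap "$CAP_SYS_PTRACE"; then
        ptrace=yes
    else
        ptrace=no
    fi
    echo "seccomp=$mode cap_sys_ptrace=$ptrace"
}

# Constructed samples (not captured from the systems in this thread).
SAMPLE_CONTAINER='Name: bash
CapEff: 00000000a80425fb
Seccomp: 2'
SAMPLE_HOST_ROOT='Name: bash
CapEff: 0000003fffffffff
Seccomp: 0'

sandbox_report "$SAMPLE_CONTAINER"   # restricted container profile
sandbox_report "$SAMPLE_HOST_ROOT"   # unconfined root shell
# Live check of the current shell, where procfs is readable:
[ -r "/proc/$$/status" ] && sandbox_report "$(cat "/proc/$$/status")" || true
```

Running it both on the host and inside the container shows whether the two environments differ in these settings before attributing the failure to the binary itself.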
I found that this simple hello world script, compiled on Ubuntu 20.04, wouldn't work when run inside a debian:10 docker image.
Getting some garbage instead
$ shc -Hf script.sh -o binary && cat ./binary | docker exec -i container bash -c "cat >| /tmp/binary"
container# /tmp/binary
sh: 1: ¬sƞ£vD¬9 å: not found
sh: 1: ¤: not found
With shc -U I get
# /tmp/binary
/tmp/binary: Operation not permitted
as if I was not root on the container.