Kubernetes container escape vulnerability (CVE-2022-0185) [notes]

Run the unshare command to find out whether it is available in the Docker container; only if it is does exploiting CVE-2022-0185 stand a chance.

docker run -it ubuntu:20.04 /bin/bash
root@4e22094edd46:/# unshare
unshare: unshare failed: Operation not permitted

kubectl run -it ubutest2 --image=ubuntu:20.04 /bin/bash

root@ubutest2:/# pscap -a
ppid pid   name       command           capabilities
0     1     root       bash             chown, dac_override, fowner, fsetid, kill, setgid, setuid, setpcap, net_bind_service, net_raw, sys_chroot, mknod, audit_write, setfcap

root@ubutest2:/# unshare -r
# pscap -a
ppid pid   name       command           capabilities
0     1     root       bash             chown, dac_override, fowner, fsetid, kill, setgid, setuid, setpcap, net_bind_service, net_raw, sys_chroot, mknod, audit_write, setfcap
1     270   root       sh               full
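
A defensive check for the same precondition, added here as an example and not part of the original notes: it reads procfs to report whether seccomp and the user-namespace sysctls leave `unshare` reachable for a process. The function name `userns_exposure` and its return codes are hypothetical, and `kernel.unprivileged_userns_clone` is assumed to exist only on Debian/Ubuntu kernels.

```shell
#!/bin/sh
# Added example (not from the original notes): estimate from procfs whether a
# process could create a user namespace, the precondition tested with `unshare -r`.
# PROC_ROOT defaults to /proc; pointing it at a constructed tree allows offline use.

# userns_exposure [PROC_ROOT] [PID]
# return 0 = disabled by sysctl, 1 = exposed, 2 = unknown, 3 = seccomp filter present
userns_exposure() {
    root=${1:-/proc}
    pid=${2:-self}
    status="$root/$pid/status"
    if [ ! -r "$status" ]; then
        echo "unknown: cannot read $status"
        return 2
    fi

    # Seccomp field of /proc/<pid>/status: 0 = disabled, 1 = strict, 2 = filter
    seccomp=$(awk '/^Seccomp:/ {print $2}' "$status")

    # Host-wide limits on user namespaces. The second sysctl is assumed to be
    # Debian/Ubuntu-only, so a missing file is treated as "not restricted".
    max_ns=$(cat "$root/sys/user/max_user_namespaces" 2>/dev/null)
    clone=$(cat "$root/sys/kernel/unprivileged_userns_clone" 2>/dev/null)

    if [ "$max_ns" = "0" ]; then
        echo "disabled: user.max_user_namespaces=0"
        return 0
    fi
    if [ "$clone" = "0" ]; then
        echo "disabled: kernel.unprivileged_userns_clone=0"
        return 0
    fi
    if [ "$seccomp" = "2" ]; then
        echo "filtered: seccomp filter active, check that the profile denies unshare"
        return 3
    fi
    echo "exposed: seccomp=${seccomp:-absent}, user namespaces enabled"
    return 1
}
```

Inside a container or pod, source the file and call `userns_exposure` with no arguments to inspect the current shell; a result of `exposed` corresponds to the case where `unshare -r` succeeds.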

Reference link:
https://www.4hou.com/posts/GWkK

For the PoC, see:
https://twitter.com/clubby789/status/1484482788313255939?s=20