`-v /:/host` -> Mount the host filesystem in the container so you can read the host filesystem.
`--device=/dev/sda1 --cap-add=SYS_ADMIN --security-opt apparmor=unconfined` -> This is similar to the previous method, but here we are mounting the device disk. Then, inside the container, run `mount /dev/sda1 /mnt` and you can access the host filesystem in `/mnt`. Run `fdisk -l` in the host to find the `</dev/sda1>` device to mount.
`-v /tmp:/host` -> If for some reason you can only mount some directory from the host and you also have access inside the host, mount it and create a `/bin/bash` with the SUID bit set in the mounted directory so you can execute it from the host and escalate to root.
`--cap-add=<CAPABILITY/ALL> [--security-opt apparmor=unconfined] [--security-opt seccomp=unconfined] [--security-opt label:disable]` -> To escalate by abusing capabilities, grant that capability to the container and disable other protection methods that may prevent the exploit from working.
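
Each of the options above is recorded in the container's `HostConfig`, so existing containers can be audited for them from `docker inspect` output. The script below is an added example, not part of the original page; the sample JSON is constructed and the name `audit_container` is hypothetical.

```python
import json

# Constructed `docker inspect` output (not from the original page), trimmed to
# the HostConfig fields this audit reads.
SAMPLE_INSPECT = json.loads("""[
 {"Name": "/web", "HostConfig": {"Binds": ["/srv/www:/usr/share/nginx/html:ro"],
   "Devices": [], "CapAdd": null, "SecurityOpt": null}},
 {"Name": "/debug", "HostConfig": {"Binds": ["/:/host"],
   "Devices": [{"PathOnHost": "/dev/sda1", "PathInContainer": "/dev/sda1",
                "CgroupPermissions": "rwm"}],
   "CapAdd": ["SYS_ADMIN"],
   "SecurityOpt": ["apparmor=unconfined", "seccomp=unconfined"]}},
 {"Name": "/builder", "HostConfig": {"Binds": ["/tmp:/host"], "Devices": null,
   "CapAdd": ["CAP_NET_ADMIN"], "SecurityOpt": ["label:disable"]}}
]""")

# Values of --security-opt that switch a confinement layer off.
WEAK_SECURITY_OPTS = {"apparmor=unconfined", "seccomp=unconfined",
                      "label=disable", "label:disable"}


def audit_container(info):
    """Return a list of findings for one entry of `docker inspect` output."""
    cfg = info.get("HostConfig") or {}
    findings = []
    for bind in cfg.get("Binds") or []:
        parts = bind.split(":")  # "src:dst[:options]"
        src, opts = parts[0], (parts[2] if len(parts) > 2 else "rw").split(",")
        if src == "/":
            findings.append(f"host root filesystem mounted ({bind})")
        elif src.startswith("/") and "ro" not in opts:
            findings.append(f"writable host directory mounted ({bind})")
    for dev in cfg.get("Devices") or []:
        findings.append(f"host device exposed ({dev.get('PathOnHost')})")
    for cap in cfg.get("CapAdd") or []:
        name = cap.upper()
        name = name[4:] if name.startswith("CAP_") else name
        findings.append(f"capability added ({name})")
    for opt in cfg.get("SecurityOpt") or []:
        if opt.replace(" ", "") in WEAK_SECURITY_OPTS:
            findings.append(f"confinement disabled ({opt})")
    return findings


if __name__ == "__main__":
    for container in SAMPLE_INSPECT:
        for finding in audit_container(container):
            print(f"{container['Name']}: {finding}")
```

To audit a live host, feed it the parsed output of `docker inspect $(docker ps -q)` in place of the sample.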