|
Message-ID: <20170203204842.GF7330@bananaboat.hashbangbash.com>
Date: Fri, 3 Feb 2017 15:48:42 -0500
From: Vincent Batts <vbatts@...hbangbash.com>
To: Jessica Frazelle <me@...sfraz.com>
Cc: Thomas Garnier <thgarnie@...gle.com>,
Kernel Hardening <kernel-hardening@...ts.openwall.com>
Subject: Re: Container Hardening
Jess,
In the vein of your proposal (https://gist.github.com/jessfraz/3a84023ff85471696ee33a20031b9e7b),
there was recently a systemtap (http://sourceware.org/systemtap/) script
written to output some of this data that is not generally accessible
from userspace.
Will Cohen was nice enough to upload this and a quick write-up on it's
usage.
https://github.com/wcohen/linux-instrumentation/blob/master/container_check.md
Where this can show when a "badcap" is encountered, or just to see the
profile of capabilities and syscalls used.
vb
Download attachment "signature.asc" of type "application/pgp-signature" (164 bytes)
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.