commit | 0f33014807578d7d90236b3ad0e118b591546d45 | |
---|---|---|
author | Jess Frazelle <acidburn@microsoft.com> | Mon Jan 01 15:42:02 2018 -0500 |
committer | Jess Frazelle <acidburn@microsoft.com> | Mon Jan 01 15:42:02 2018 -0500 |
tree | 760682ca0006d50a7f61ce41287509f562ea05de | |
parent | 4b81fb3ea63e3a8418688026dae85ffc028fa5a1 |
update generated project files Signed-off-by: Jess Frazelle <acidburn@microsoft.com>
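Container introspection tool. Find out what container runtime is being used as well as the features available to the container: whether it shares the host PID namespace, its AppArmor profile, whether it runs in a user namespace (and with which ID mappings), its capability bounding set, and whether it is inside a chroot/pivot_root.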
$ go get github.com/jessfraz/amicontained
```console
$ amicontained -h
                 _                 _        _                _
  __ _ _ __ ___ (_) ___ ___  _ __ | |_ __ _(_)_ __   ___  __| |
 / _` | '_ ` _ \| |/ __/ _ \| '_ \| __/ _` | | '_ \ / _ \/ _` |
| (_| | | | | | | | (_| (_) | | | | || (_| | | | | |  __/ (_| |
 \__,_|_| |_| |_|_|\___\___/|_| |_|\__\__,_|_|_| |_|\___|\__,_|

 Container introspection tool.
 Version: v0.0.12

  -d    run in debug mode
  -v    print version and exit (shorthand)
  -version
        print version and exit
```
```console
$ docker run --rm -it r.j3ss.co/amicontained
Container Runtime: docker
Host PID Namespace: false
AppArmor Profile: docker-default (enforce)
User Namespace: true
User Namespace Mappings:
    Container -> 0 Host -> 886432 Range -> 65536
Capabilities:
    BOUNDING -> chown dac_override fowner fsetid kill setgid setuid setpcap net_bind_service net_raw sys_chroot mknod audit_write setfcap
Chroot/PivotRoot: true

$ docker run --rm -it --pid host r.j3ss.co/amicontained
Container Runtime: docker
Host PID Namespace: true
AppArmor Profile: docker-default (enforce)
User Namespace: false
Capabilities:
    BOUNDING -> chown dac_override fowner fsetid kill setgid setuid setpcap net_bind_service net_raw sys_chroot mknod audit_write setfcap
Chroot/PivotRoot: true

$ docker run --rm -it --security-opt "apparmor=unconfined" r.j3ss.co/amicontained
Container Runtime: docker
Host PID Namespace: false
AppArmor Profile: unconfined
User Namespace: false
Capabilities:
    BOUNDING -> chown dac_override fowner fsetid kill setgid setuid setpcap net_bind_service net_raw sys_chroot mknod audit_write setfcap
Chroot/PivotRoot: true
```
```console
$ lxc-attach -n xenial
root@xenial:/# amicontained
Container Runtime: lxc
Host PID Namespace: false
AppArmor Profile: none
User Namespace: true
User Namespace Mappings:
    Container -> 0 Host -> 100000 Range -> 65536
Capabilities:
    BOUNDING -> chown dac_override dac_read_search fowner fsetid kill setgid setuid setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw ipc_lock ipc_owner sys_chroot sys_ptrace sys_pacct sys_admin sys_boot sys_nice sys_resource sys_tty_config mknod lease audit_write audit_control setfcap syslog wake_alarm block_suspend audit_read
Chroot/PivotRoot: true

$ lxc-execute -n xenial -- /bin/amicontained
Container Runtime: lxc
Host PID Namespace: false
AppArmor Profile: none
User Namespace: true
User Namespace Mappings:
    Container -> 0 Host -> 100000 Range -> 65536
Capabilities:
    BOUNDING -> chown dac_override dac_read_search fowner fsetid kill setgid setuid setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw ipc_lock ipc_owner sys_chroot sys_ptrace sys_pacct sys_admin sys_boot sys_nice sys_resource sys_tty_config mknod lease audit_write audit_control setfcap syslog wake_alarm block_suspend audit_read
Chroot/PivotRoot: true
```
```console
$ sudo systemd-nspawn --machine amicontained --directory nspawn-amicontained /usr/bin/amicontained
Spawning container amicontained on /home/jessfraz/nspawn-amicontained.
Press ^] three times within 1s to kill container.
Timezone UTC does not exist in container, not updating container timezone.
Container Runtime: systemd-nspawn
Host PID Namespace: false
AppArmor Profile: none
User Namespace: false
Capabilities:
    BOUNDING -> chown dac_override dac_read_search fowner fsetid kill setgid setuid setpcap linux_immutable net_bind_service net_broadcast net_raw ipc_owner sys_chroot sys_ptrace sys_admin sys_boot sys_nice sys_resource sys_tty_config mknod lease audit_write audit_control setfcap
Chroot/PivotRoot: true
Container amicontained exited successfully.
```
```console
$ sudo rkt --insecure-options=image run docker://r.j3ss.co/amicontained
[ 631.522121] amicontained[5]: Container Runtime: rkt
[ 631.522471] amicontained[5]: Host PID Namespace: false
[ 631.522617] amicontained[5]: AppArmor Profile: none
[ 631.522768] amicontained[5]: User Namespace: false
[ 631.522922] amicontained[5]: Capabilities:
[ 631.523075] amicontained[5]: BOUNDING -> chown dac_override fowner fsetid kill setgid setuid setpcap net_bind_service net_raw sys_chroot mknod audit_write setfcap
[ 631.523213] amicontained[5]: Chroot/PivotRoot: false

$ sudo rkt --insecure-options=image run --private-users=true --no-overlay docker://r.j3ss.co/amicontained
[ 785.547050] amicontained[5]: Container Runtime: rkt
[ 785.547360] amicontained[5]: Host PID Namespace: false
[ 785.547567] amicontained[5]: AppArmor Profile: none
[ 785.547717] amicontained[5]: User Namespace: true
[ 785.547856] amicontained[5]: User Namespace Mappings:
[ 785.548064] amicontained[5]: Container -> 0 Host -> 229834752 Range -> 65536
[ 785.548335] amicontained[5]: Capabilities:
[ 785.548537] amicontained[5]: BOUNDING -> chown dac_override fowner fsetid kill setgid setuid setpcap net_bind_service net_raw sys_chroot mknod audit_write setfcap
[ 785.548679] amicontained[5]: Chroot/PivotRoot: false
```
```console
$ sudo unshare --user -r
root@coreos:/home/jessie/.go/src/github.com/jessfraz/amicontained# ./amicontained
Container Runtime: not-found
Host PID Namespace: true
AppArmor Profile: unconfined
User Namespace: true
User Namespace Mappings:
    Container -> 0 Host -> 0 Range -> 1
Capabilities:
    BOUNDING -> chown dac_override dac_read_search fowner fsetid kill setgid setuid setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace sys_pacct sys_admin sys_boot sys_nice sys_resource sys_time sys_tty_config mknod lease audit_write audit_control setfcap mac_override mac_admin syslog wake_alarm block_suspend audit_read
Chroot/PivotRoot: false
```

In this last example only a user namespace is created, so no container runtime is detected and the other fields are reported with no container runtime involved.