Gitiles - git.j3ss.co
git.j3ss.co / genuinetools / amicontained / refs/tags/v0.4.5
taga4b6096fdb53e1ab0d55e4a6635c14555708a4a1
taggerJess Frazelle <acidburn@microsoft.com>Tue Sep 25 10:35:32 2018 -0400
object1245de9bdd0dd5279639bad87c37b6a9f6fb4602 
v0.4.5
-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEE1MTdYA1m9lqO/FEeGPNoXAAiv/MFAluqR7QACgkQGPNoXAAi
v/MPTA//Z/0msb6obaFzq6pte8FT49Cd11Rb054zRxMxLFNODHmHFhakONSG083v
/qEE+pgqzZmbrQt8qxu5p8BwX+C5DUgKefGjjSWTmi3uk319hk0OUQhkp/n7VeG4
OSjINVrDqRIXuURsHJyxHq1FxptYfYPz5BgoCp56AsiThXL3KOATci2oan0fxL2L
oMqq/V8hMlEOe3bVazY3GcNAk1l/6R6LikWndynzqOnvpXOMt6ntGuru2q0dPsmD
kUkgMrMYefLt+57xybk+ln4eRgmlhuP3XzbyD5YjELjy/AdNCT8XhSSPbpSToCjT
lkU7ksNMKOanqmCTKYmsmAr1T/47d07Huf4kUOxlnV0EI9DvfipYHWmSY60d1DTF
NNVn7CdSKZ06iH5pZgWHPmbDCvDlNCUVaiThStJTSlrT4+8r8o8U+v1ocJw5N56r
lwG0VuhBxJXqIaYbJ/V9F1aa4Lf7e3IpkClsD1/fHXfDAGnvNWlqV6qicJV4/TrM
BSuPcfFGdDJt8IkCV+4mfbeyJVl7+HObmEeB80e5xV4GNC0rbDJtrdqtvHNZognW
4gIAnZb6Jb0T5MYSQAQwpUacLPrqN3wmr4WJxk7R/3dloaCDUvBy21KGZ8T/7fDR
4Goa5AKnnbu442IpAFDzqLDcWkjKJ1CuoCNijl+18Z4cp/zgSts=
=cJZV
-----END PGP SIGNATURE-----
commit1245de9bdd0dd5279639bad87c37b6a9f6fb4602[log] [tgz]
authorJess Frazelle <acidburn@microsoft.com>Tue Sep 25 10:35:32 2018 -0400
committerJess Frazelle <acidburn@microsoft.com>Tue Sep 25 10:35:32 2018 -0400
tree7308ae7d92125fefc2be418b62a2dd66d42f5321
parentc6edd9d338b79caa50df181fab1e2997968c4e30 [diff]
Bump version to v0.4.5

Signed-off-by: Jess Frazelle <acidburn@microsoft.com>
2 files changed
tree: 7308ae7d92125fefc2be418b62a2dd66d42f5321
  1. .gitignore
  2. .goosarch
  3. .travis.yml
  4. .traviskey
  5. Dockerfile
  6. LICENSE
  7. Makefile
  8. README.md
  9. VERSION.txt
  10. basic.mk
  11. go.mod
  12. go.sum
  13. main.go
  14. vendor/
  15. version/
README.md

amicontained

Travis CI GoDoc Github All Releases

Container introspection tool. Find out what container runtime is being used as well as features available.

Installation

Binaries

For installation instructions from binaries please visit the Releases Page.

Via Go

$ go get github.com/genuinetools/amicontained

Usage

$ amicontained -h
amicontained -  A container introspection tool.

Usage: amicontained <command>

Flags:

  -d  enable debug logging (default: false)

Commands:

  version  Show the version information.

Examples

docker

$ docker run --rm -it r.j3ss.co/amicontained
Container Runtime: docker
Has Namespaces:
        pid: true
        user: true
User Namespace Mappings:
	Container -> 0
	Host -> 886432
	Range -> 65536
AppArmor Profile: docker-default (enforce)
Capabilities:
	BOUNDING -> chown dac_override fowner fsetid kill setgid setuid setpcap net_bind_service net_raw sys_chroot mknod audit_write setfcap
Chroot (not pivot_root): false

$ docker run --rm -it --pid host r.j3ss.co/amicontained
Container Runtime: docker
Has Namespaces:
        pid: false
        user: false
AppArmor Profile: docker-default (enforce)
Capabilities:
	BOUNDING -> chown dac_override fowner fsetid kill setgid setuid setpcap net_bind_service net_raw sys_chroot mknod audit_write setfcap
Chroot (not pivot_root): false

$ docker run --rm -it --security-opt "apparmor=unconfined" r.j3ss.co/amicontained
Container Runtime: docker
Has Namespaces:
        pid: true
        user: false
AppArmor Profile: unconfined
Capabilities:
	BOUNDING -> chown dac_override fowner fsetid kill setgid setuid setpcap net_bind_service net_raw sys_chroot mknod audit_write setfcap
Chroot (not pivot_root): false

lxc

$ lxc-attach -n xenial
root@xenial:/# amicontained
Container Runtime: lxc
Has Namespaces:
        pid: true
        user: true
User Namespace Mappings:
	Container -> 0	Host -> 100000	Range -> 65536
AppArmor Profile: none
Capabilities:
	BOUNDING -> chown dac_override dac_read_search fowner fsetid kill setgid setuid setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw ipc_lock ipc_owner sys_chroot sys_ptrace sys_pacct sys_admin sys_boot sys_nice sys_resource sys_tty_config mknod lease audit_write audit_control setfcap syslog wake_alarm block_suspend audit_read
Chroot (not pivot_root): false

$ lxc-execute -n xenial -- /bin/amicontained
Container Runtime: lxc
Has Namespaces:
        pid: true
        user: true
User Namespace Mappings:
	Container -> 0	Host -> 100000	Range -> 65536
AppArmor Profile: none
Capabilities:
	BOUNDING -> chown dac_override dac_read_search fowner fsetid kill setgid setuid setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw ipc_lock ipc_owner sys_chroot sys_ptrace sys_pacct sys_admin sys_boot sys_nice sys_resource sys_tty_config mknod lease audit_write audit_control setfcap syslog wake_alarm block_suspend audit_read
Chroot (not pivot_root): false

systemd-nspawn

$ sudo systemd-nspawn --machine amicontained --directory nspawn-amicontained /usr/bin/amicontained
Spawning container amicontained on /home/genuinetools/nspawn-amicontained.
Press ^] three times within 1s to kill container.
Timezone UTC does not exist in container, not updating container timezone.
Container Runtime: systemd-nspawn
Has Namespaces:
        pid: true
        user: false
AppArmor Profile: none
Capabilities:
	BOUNDING -> chown dac_override dac_read_search fowner fsetid kill setgid setuid setpcap linux_immutable net_bind_service net_broadcast net_raw ipc_owner sys_chroot sys_ptrace sys_admin sys_boot sys_nice sys_resource sys_tty_config mknod lease audit_write audit_control setfcap
Chroot (not pivot_root): false
Container amicontained exited successfully.

rkt

$ sudo rkt --insecure-options=image run docker://r.j3ss.co/amicontained
[  631.522121] amicontained[5]: Container Runtime: rkt
[  631.522471] amicontained[5]: Host PID Namespace: false
[  631.522617] amicontained[5]: AppArmor Profile: none
[  631.522768] amicontained[5]: User Namespace: false
[  631.522922] amicontained[5]: Capabilities:
[  631.523075] amicontained[5]: 	BOUNDING -> chown dac_override fowner fsetid kill setgid setuid setpcap net_bind_service net_raw sys_chroot mknod audit_write setfcap
[  631.523213] amicontained[5]: Chroot (not pivot_root): false

$ sudo rkt --insecure-options=image run  --private-users=true --no-overlay docker://r.j3ss.co/amicontained
[  785.547050] amicontained[5]: Container Runtime: rkt
[  785.547360] amicontained[5]: Host PID Namespace: false
[  785.547567] amicontained[5]: AppArmor Profile: none
[  785.547717] amicontained[5]: User Namespace: true
[  785.547856] amicontained[5]: User Namespace Mappings:
[  785.548064] amicontained[5]: 	Container -> 0	Host -> 229834752	Range -> 65536
[  785.548335] amicontained[5]: Capabilities:
[  785.548537] amicontained[5]: 	BOUNDING -> chown dac_override fowner fsetid kill setgid setuid setpcap net_bind_service net_raw sys_chroot mknod audit_write setfcap
[  785.548679] amicontained[5]: Chroot (not pivot_root): false

unshare

$ sudo unshare --user -r
root@coreos:/home/jessie/.go/src/github.com/genuinetools/amicontained# ./amicontained
Container Runtime: not-found
Has Namespaces:
        pid: false
        user: true
User Namespace Mappings:
	Container -> 0
	Host -> 0
	Range -> 1
AppArmor Profile: unconfined
Capabilities:
	BOUNDING -> chown dac_override dac_read_search fowner fsetid kill setgid setuid setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace sys_pacct sys_admin sys_boot sys_nice sys_resource sys_time sys_tty_config mknod lease audit_write audit_control setfcap mac_override mac_admin syslog wake_alarm block_suspend audit_read
Chroot (not pivot_root): false