v0.4.0
-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEE1MTdYA1m9lqO/FEeGPNoXAAiv/MFAlqlVZwACgkQGPNoXAAi
v/NlvBAAjtMQMEAv7MCGDuU8DUAqtfOWxb0gEfyc+GPmc7Irtf0rkIe1NUZ19Mfs
LWshcshdxPzarTqohbSLGjwIAc7tfMBTo52KLlYdXzb+FslTrF3/ZpJZOWFaD9h/
7+SjnLpZLBIjmwVDrIvZjpFp0ibp/ngB45YT8NQ+7K/J3fGqs5lfLCYWlqi64ZWr
RaK/j4eqGrPh/6SVg+vvu4DjQtoYcEs2AYVPes8L8t0kRkUZrzyV9GygdixHbtPt
duWXbOVFLKvJlTlGhg9Vj9Iu5flliMT7/zKwyn6u0Gyla3M0pfCE2dqg1ERJIQoF
fcebIFfItOD/71RvHn0+XmYI6/D/By0ZXCaMd4A+djHKc0ktQ891XkFJ64uL+F0H
NsxSxg88v0bXjQdSI/DdsdgZOKUcYTzOmy/7a7ZU5bKEkhv7OdA4Eb+8AWwX2weP
jhY9XDLK5PNIMAnspOupeZaKxMVDDJ/sG314QVpVuKeeDuItJqZjij4grGkVMP75
dvxoafTxUn+cD8xqe865/pqdoid3E4yQ0cQRBRpbI0SvSRM4TZnltxbbS7g17gBV
E8ChotQSbpUNdhSV809z91ofYMcz8wrdokIRtxVFvdbASngte0Ca9mng9H4cv0Tp
dRPe0AvsRrlcZ/PPxqfTNcAOA+YGlk0MiRt5uA0GRsW9rCPcaUI=
=HN2G
-----END PGP SIGNATURE-----
Bump version to v0.4.0

Signed-off-by: Jess Frazelle <acidburn@microsoft.com>
2 files changed
tree: 7b9a5f82fccc7965731fd20f8e5a62bdcd225bea
  1. .gitignore
  2. .travis.yml
  3. Dockerfile
  4. Gopkg.lock
  5. Gopkg.toml
  6. LICENSE
  7. Makefile
  8. README.md
  9. VERSION.txt
  10. container/
  11. main.go
  12. vendor/
  13. version/
README.md

amicontained

Travis CI

Container introspection tool. Find out what container runtime is being used as well as features available.

Installation

Binaries

Via Go

$ go get github.com/genuinetools/amicontained

Usage

$ amicontained -h
                 _                 _        _                _
  __ _ _ __ ___ (_) ___ ___  _ __ | |_ __ _(_)_ __   ___  __| |
 / _` | '_ ` _ \| |/ __/ _ \| '_ \| __/ _` | | '_ \ / _ \/ _` |
| (_| | | | | | | | (_| (_) | | | | || (_| | | | | |  __/ (_| |
 \__,_|_| |_| |_|_|\___\___/|_| |_|\__\__,_|_|_| |_|\___|\__,_|
 Container introspection tool.
 Version: v0.4.0

  -d	run in debug mode
  -v	print version and exit (shorthand)
  -version
    	print version and exit

Examples

docker

$ docker run --rm -it r.j3ss.co/amicontained
Container Runtime: docker
Has Namespaces:
        pid: true
        user: true
User Namespace Mappings:
	Container -> 0
	Host -> 886432
	Range -> 65536
AppArmor Profile: docker-default (enforce)
Capabilities:
	BOUNDING -> chown dac_override fowner fsetid kill setgid setuid setpcap net_bind_service net_raw sys_chroot mknod audit_write setfcap
Chroot (not pivot_root): false

$ docker run --rm -it --pid host r.j3ss.co/amicontained
Container Runtime: docker
Has Namespaces:
        pid: false
        user: false
AppArmor Profile: docker-default (enforce)
Capabilities:
	BOUNDING -> chown dac_override fowner fsetid kill setgid setuid setpcap net_bind_service net_raw sys_chroot mknod audit_write setfcap
Chroot (not pivot_root): false

$ docker run --rm -it --security-opt "apparmor=unconfined" r.j3ss.co/amicontained
Container Runtime: docker
Has Namespaces:
        pid: true
        user: false
AppArmor Profile: unconfined
Capabilities:
	BOUNDING -> chown dac_override fowner fsetid kill setgid setuid setpcap net_bind_service net_raw sys_chroot mknod audit_write setfcap
Chroot (not pivot_root): false

lxc

$ lxc-attach -n xenial
root@xenial:/# amicontained
Container Runtime: lxc
Has Namespaces:
        pid: true
        user: true
User Namespace Mappings:
	Container -> 0	Host -> 100000	Range -> 65536
AppArmor Profile: none
Capabilities:
	BOUNDING -> chown dac_override dac_read_search fowner fsetid kill setgid setuid setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw ipc_lock ipc_owner sys_chroot sys_ptrace sys_pacct sys_admin sys_boot sys_nice sys_resource sys_tty_config mknod lease audit_write audit_control setfcap syslog wake_alarm block_suspend audit_read
Chroot (not pivot_root): false

$ lxc-execute -n xenial -- /bin/amicontained
Container Runtime: lxc
Has Namespaces:
        pid: true
        user: true
User Namespace Mappings:
	Container -> 0	Host -> 100000	Range -> 65536
AppArmor Profile: none
Capabilities:
	BOUNDING -> chown dac_override dac_read_search fowner fsetid kill setgid setuid setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw ipc_lock ipc_owner sys_chroot sys_ptrace sys_pacct sys_admin sys_boot sys_nice sys_resource sys_tty_config mknod lease audit_write audit_control setfcap syslog wake_alarm block_suspend audit_read
Chroot (not pivot_root): false

systemd-nspawn

$ sudo systemd-nspawn --machine amicontained --directory nspawn-amicontained /usr/bin/amicontained
Spawning container amicontained on /home/genuinetools/nspawn-amicontained.
Press ^] three times within 1s to kill container.
Timezone UTC does not exist in container, not updating container timezone.
Container Runtime: systemd-nspawn
Has Namespaces:
        pid: true
        user: false
AppArmor Profile: none
Capabilities:
	BOUNDING -> chown dac_override dac_read_search fowner fsetid kill setgid setuid setpcap linux_immutable net_bind_service net_broadcast net_raw ipc_owner sys_chroot sys_ptrace sys_admin sys_boot sys_nice sys_resource sys_tty_config mknod lease audit_write audit_control setfcap
Chroot (not pivot_root): false
Container amicontained exited successfully.

rkt

$ sudo rkt --insecure-options=image run docker://r.j3ss.co/amicontained
[  631.522121] amicontained[5]: Container Runtime: rkt
[  631.522471] amicontained[5]: Host PID Namespace: false
[  631.522617] amicontained[5]: AppArmor Profile: none
[  631.522768] amicontained[5]: User Namespace: false
[  631.522922] amicontained[5]: Capabilities:
[  631.523075] amicontained[5]: 	BOUNDING -> chown dac_override fowner fsetid kill setgid setuid setpcap net_bind_service net_raw sys_chroot mknod audit_write setfcap
[  631.523213] amicontained[5]: Chroot (not pivot_root): false

$ sudo rkt --insecure-options=image run  --private-users=true --no-overlay docker://r.j3ss.co/amicontained
[  785.547050] amicontained[5]: Container Runtime: rkt
[  785.547360] amicontained[5]: Host PID Namespace: false
[  785.547567] amicontained[5]: AppArmor Profile: none
[  785.547717] amicontained[5]: User Namespace: true
[  785.547856] amicontained[5]: User Namespace Mappings:
[  785.548064] amicontained[5]: 	Container -> 0	Host -> 229834752	Range -> 65536
[  785.548335] amicontained[5]: Capabilities:
[  785.548537] amicontained[5]: 	BOUNDING -> chown dac_override fowner fsetid kill setgid setuid setpcap net_bind_service net_raw sys_chroot mknod audit_write setfcap
[  785.548679] amicontained[5]: Chroot (not pivot_root): false

unshare

$ sudo unshare --user -r
root@coreos:/home/jessie/.go/src/github.com/genuinetools/amicontained# ./amicontained
Container Runtime: not-found
Has Namespaces:
        pid: false
        user: true
User Namespace Mappings:
	Container -> 0
	Host -> 0
	Range -> 1
AppArmor Profile: unconfined
Capabilities:
	BOUNDING -> chown dac_override dac_read_search fowner fsetid kill setgid setuid setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace sys_pacct sys_admin sys_boot sys_nice sys_resource sys_time sys_tty_config mknod lease audit_write audit_control setfcap mac_override mac_admin syslog wake_alarm block_suspend audit_read
Chroot (not pivot_root): false