v0.4.4
-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEE1MTdYA1m9lqO/FEeGPNoXAAiv/MFAluf+rwACgkQGPNoXAAi
v/OQkxAA4X0BMiZf+ZHo05cYMW4dHUgLMh1LnqxW4pTQtuXI1t8mIKow215RT5my
2eZFjaiHe60BVj8+TKo+w8Hva0i06RhlAEv6V66HSJGSm1GKosEf/m4dzqOBs+Cv
GE5eR73VhcTKgLvTmz38v5Ukr28bWx7dM/7lk2sHxR1nAXzkCRjNVHXuNsXP3ylc
imGfF0Kg33rxMLmrQ+evcRAQ2rjFIpQLz7t4kx2zRepkhHK5oul7W2y5L1LiBfxh
osDHAUMFp88ougr2hRf71dszIxNMM+APSD9emwSPgj+Xc6ooYHRMHQkpvAQHWI7b
k9mkF1+J4eQdpjGOXLnl00eZPmWWX0r/+hmHkn/+DZ7Eon1LFLA/oZowbrsnwDeh
hFeGZ8amZ5qNDWhpiIhi4kiDBwu4sty9A5P5MbeAGZ8J9iwQt+7wvHJuv+rWoYqA
eyr4DLpK5AYWKNqe7xvdl1GyhT15jzPNWtrMMcOVdLuhHff1fNJnADf847HhACiB
E85EIXp27irxChNvcq390fhkUzK5fQB60cGEPEd/jqEj3l3oOcxnyjpIwCzb8M+c
vCsGm87wFa7cKJeHXECqJMNYfLBuCh6RFiD+pqGnvWlRrF57j+NKfeTGxVHElnoj
SELNjR3hyk+UkwOE+dEXRlk1pR3aahmczYOZJUk44CXsrAkWmbs=
=sX4m
-----END PGP SIGNATURE-----
Bump version to v0.4.4

Signed-off-by: Jess Frazelle <acidburn@microsoft.com>
2 files changed
tree: a72ea16c46dfdcb73a8a6f7b0ac90b69b8545421
  1. .gitignore
  2. .travis.yml
  3. Dockerfile
  4. Gopkg.lock
  5. Gopkg.toml
  6. LICENSE
  7. Makefile
  8. README.md
  9. VERSION.txt
  10. main.go
  11. vendor/
  12. version/
README.md

amicontained

Travis CI GoDoc Github All Releases

Container introspection tool. Find out what container runtime is being used as well as features available.

Installation

Binaries

For installation instructions from binaries please visit the Releases Page.

Via Go

$ go get github.com/genuinetools/amicontained

Usage

$ amicontained -h
amicontained -  A container introspection tool.

Usage: amicontained <command>

Flags:

  -d  enable debug logging (default: false)

Commands:

  version  Show the version information.

Examples

docker

$ docker run --rm -it r.j3ss.co/amicontained
Container Runtime: docker
Has Namespaces:
        pid: true
        user: true
User Namespace Mappings:
	Container -> 0
	Host -> 886432
	Range -> 65536
AppArmor Profile: docker-default (enforce)
Capabilities:
	BOUNDING -> chown dac_override fowner fsetid kill setgid setuid setpcap net_bind_service net_raw sys_chroot mknod audit_write setfcap
Chroot (not pivot_root): false

$ docker run --rm -it --pid host r.j3ss.co/amicontained
Container Runtime: docker
Has Namespaces:
        pid: false
        user: false
AppArmor Profile: docker-default (enforce)
Capabilities:
	BOUNDING -> chown dac_override fowner fsetid kill setgid setuid setpcap net_bind_service net_raw sys_chroot mknod audit_write setfcap
Chroot (not pivot_root): false

$ docker run --rm -it --security-opt "apparmor=unconfined" r.j3ss.co/amicontained
Container Runtime: docker
Has Namespaces:
        pid: true
        user: false
AppArmor Profile: unconfined
Capabilities:
	BOUNDING -> chown dac_override fowner fsetid kill setgid setuid setpcap net_bind_service net_raw sys_chroot mknod audit_write setfcap
Chroot (not pivot_root): false

lxc

$ lxc-attach -n xenial
root@xenial:/# amicontained
Container Runtime: lxc
Has Namespaces:
        pid: true
        user: true
User Namespace Mappings:
	Container -> 0	Host -> 100000	Range -> 65536
AppArmor Profile: none
Capabilities:
	BOUNDING -> chown dac_override dac_read_search fowner fsetid kill setgid setuid setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw ipc_lock ipc_owner sys_chroot sys_ptrace sys_pacct sys_admin sys_boot sys_nice sys_resource sys_tty_config mknod lease audit_write audit_control setfcap syslog wake_alarm block_suspend audit_read
Chroot (not pivot_root): false

$ lxc-execute -n xenial -- /bin/amicontained
Container Runtime: lxc
Has Namespaces:
        pid: true
        user: true
User Namespace Mappings:
	Container -> 0	Host -> 100000	Range -> 65536
AppArmor Profile: none
Capabilities:
	BOUNDING -> chown dac_override dac_read_search fowner fsetid kill setgid setuid setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw ipc_lock ipc_owner sys_chroot sys_ptrace sys_pacct sys_admin sys_boot sys_nice sys_resource sys_tty_config mknod lease audit_write audit_control setfcap syslog wake_alarm block_suspend audit_read
Chroot (not pivot_root): false

systemd-nspawn

$ sudo systemd-nspawn --machine amicontained --directory nspawn-amicontained /usr/bin/amicontained
Spawning container amicontained on /home/genuinetools/nspawn-amicontained.
Press ^] three times within 1s to kill container.
Timezone UTC does not exist in container, not updating container timezone.
Container Runtime: systemd-nspawn
Has Namespaces:
        pid: true
        user: false
AppArmor Profile: none
Capabilities:
	BOUNDING -> chown dac_override dac_read_search fowner fsetid kill setgid setuid setpcap linux_immutable net_bind_service net_broadcast net_raw ipc_owner sys_chroot sys_ptrace sys_admin sys_boot sys_nice sys_resource sys_tty_config mknod lease audit_write audit_control setfcap
Chroot (not pivot_root): false
Container amicontained exited successfully.

rkt

$ sudo rkt --insecure-options=image run docker://r.j3ss.co/amicontained
[  631.522121] amicontained[5]: Container Runtime: rkt
[  631.522471] amicontained[5]: Host PID Namespace: false
[  631.522617] amicontained[5]: AppArmor Profile: none
[  631.522768] amicontained[5]: User Namespace: false
[  631.522922] amicontained[5]: Capabilities:
[  631.523075] amicontained[5]: 	BOUNDING -> chown dac_override fowner fsetid kill setgid setuid setpcap net_bind_service net_raw sys_chroot mknod audit_write setfcap
[  631.523213] amicontained[5]: Chroot (not pivot_root): false

$ sudo rkt --insecure-options=image run  --private-users=true --no-overlay docker://r.j3ss.co/amicontained
[  785.547050] amicontained[5]: Container Runtime: rkt
[  785.547360] amicontained[5]: Host PID Namespace: false
[  785.547567] amicontained[5]: AppArmor Profile: none
[  785.547717] amicontained[5]: User Namespace: true
[  785.547856] amicontained[5]: User Namespace Mappings:
[  785.548064] amicontained[5]: 	Container -> 0	Host -> 229834752	Range -> 65536
[  785.548335] amicontained[5]: Capabilities:
[  785.548537] amicontained[5]: 	BOUNDING -> chown dac_override fowner fsetid kill setgid setuid setpcap net_bind_service net_raw sys_chroot mknod audit_write setfcap
[  785.548679] amicontained[5]: Chroot (not pivot_root): false

unshare

$ sudo unshare --user -r
root@coreos:/home/jessie/.go/src/github.com/genuinetools/amicontained# ./amicontained
Container Runtime: not-found
Has Namespaces:
        pid: false
        user: true
User Namespace Mappings:
	Container -> 0
	Host -> 0
	Range -> 1
AppArmor Profile: unconfined
Capabilities:
	BOUNDING -> chown dac_override dac_read_search fowner fsetid kill setgid setuid setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace sys_pacct sys_admin sys_boot sys_nice sys_resource sys_time sys_tty_config mknod lease audit_write audit_control setfcap mac_override mac_admin syslog wake_alarm block_suspend audit_read
Chroot (not pivot_root): false