9:33 a.m.
On 1/7/21 4:43 AM, Valentin Rothberg wrote:
There is a cool tool that can do that:
https://github.com/clustership/inspektor-gadget/
Note that inspektor gadget is designed to run in Kubernetes, so it
may not be as straight forward as running a Podman command.
Hi Valentin,
I didn't know about that one (cool name BTW!). I'm still learning
about containers with podman but I'll check it out when I dwell into
kuberntes.
We have another tool to easily generate custom seccomp profiles (
https://github.com/containers/oci-seccomp-bpf-hook) and have ideas
to extend it to also cover capabilities, but we haven't found time to
tackle that yet.
I learned about this one in a presentation by O'Malley &
Mohnani. I
remember thinking that it would be cool if it could do that with
capabilities! I'm glad to know it's being considered.
Thanks Valentin!
Jorge