amicontained
Container introspection tool. Find out what container runtime is being used as well as features available.
Installation
Binaries
Via Go
$ go get github.com/jessfraz/amicontainedUsage
$ amicontained -h
_ _ _ _
__ _ _ __ ___ (_) ___ ___ _ __ | |_ __ _(_)_ __ ___ __| |
/ _` | '_ ` _ \| |/ __/ _ \| '_ \| __/ _` | | '_ \ / _ \/ _` |
| (_| | | | | | | | (_| (_) | | | | || (_| | | | | | __/ (_| |
\__,_|_| |_| |_|_|\___\___/|_| |_|\__\__,_|_|_| |_|\___|\__,_|
Container introspection tool.
Version: v0.0.8
-d run in debug mode
-v print version and exit (shorthand)
-version
print version and exitExamples
docker
$ docker run --rm -it r.j3ss.co/amicontained
Container Runtime: docker
Host PID Namespace: false
AppArmor Profile: docker-default (enforce)
User Namespace: true
User Namespace Mappings:
Container -> 0
Host -> 886432
Range -> 65536
Capabilities:
BOUNDING -> chown dac_override fowner fsetid kill setgid setuid setpcap net_bind_service net_raw sys_chroot mknod audit_write setfcap
Chroot/PivotRoot: true
$ docker run --rm -it --pid host r.j3ss.co/amicontained
Container Runtime: docker
Host PID Namespace: true
AppArmor Profile: docker-default (enforce)
User Namespace: false
Capabilities:
BOUNDING -> chown dac_override fowner fsetid kill setgid setuid setpcap net_bind_service net_raw sys_chroot mknod audit_write setfcap
Chroot/PivotRoot: true
$ docker run --rm -it --security-opt "apparmor=unconfined" r.j3ss.co/amicontained
Container Runtime: docker
Host PID Namespace: false
AppArmor Profile: unconfined
User Namespace: false
Capabilities:
BOUNDING -> chown dac_override fowner fsetid kill setgid setuid setpcap net_bind_service net_raw sys_chroot mknod audit_write setfcap
Chroot/PivotRoot: truelxc
$ lxc-attach -n xenial
root@xenial:/# amicontained
Container Runtime: lxc
Host PID Namespace: false
AppArmor Profile: none
User Namespace: true
User Namespace Mappings:
Container -> 0 Host -> 100000 Range -> 65536
Capabilities:
BOUNDING -> chown dac_override dac_read_search fowner fsetid kill setgid setuid setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw ipc_lock ipc_owner sys_chroot sys_ptrace sys_pacct sys_admin sys_boot sys_nice sys_resource sys_tty_config mknod lease audit_write audit_control setfcap syslog wake_alarm block_suspend audit_read
Chroot/PivotRoot: true
$ lxc-execute -n xenial -- /bin/amicontained
Container Runtime: lxc
Host PID Namespace: false
AppArmor Profile: none
User Namespace: true
User Namespace Mappings:
Container -> 0 Host -> 100000 Range -> 65536
Capabilities:
BOUNDING -> chown dac_override dac_read_search fowner fsetid kill setgid setuid setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw ipc_lock ipc_owner sys_chroot sys_ptrace sys_pacct sys_admin sys_boot sys_nice sys_resource sys_tty_config mknod lease audit_write audit_control setfcap syslog wake_alarm block_suspend audit_read
Chroot/PivotRoot: truesystemd-nspawn
$ sudo systemd-nspawn --machine amicontained --directory nspawn-amicontained /usr/bin/amicontained
Spawning container amicontained on /home/jessfraz/nspawn-amicontained.
Press ^] three times within 1s to kill container.
Timezone UTC does not exist in container, not updating container timezone.
Container Runtime: systemd-nspawn
Host PID Namespace: false
AppArmor Profile: none
User Namespace: false
Capabilities:
BOUNDING -> chown dac_override dac_read_search fowner fsetid kill setgid setuid setpcap linux_immutable net_bind_service net_broadcast net_raw ipc_owner sys_chroot sys_ptrace sys_admin sys_boot sys_nice sys_resource sys_tty_config mknod lease audit_write audit_control setfcap
Chroot/PivotRoot: true
Container amicontained exited successfully.rkt
$ sudo rkt --insecure-options=image run docker://r.j3ss.co/amicontained
[ 631.522121] amicontained[5]: Container Runtime: rkt
[ 631.522471] amicontained[5]: Host PID Namespace: false
[ 631.522617] amicontained[5]: AppArmor Profile: none
[ 631.522768] amicontained[5]: User Namespace: false
[ 631.522922] amicontained[5]: Capabilities:
[ 631.523075] amicontained[5]: BOUNDING -> chown dac_override fowner fsetid kill setgid setuid setpcap net_bind_service net_raw sys_chroot mknod audit_write setfcap
[ 631.523213] amicontained[5]: Chroot/PivotRoot: false
$ sudo rkt --insecure-options=image run --private-users=true --no-overlay docker://r.j3ss.co/amicontained
[ 785.547050] amicontained[5]: Container Runtime: rkt
[ 785.547360] amicontained[5]: Host PID Namespace: false
[ 785.547567] amicontained[5]: AppArmor Profile: none
[ 785.547717] amicontained[5]: User Namespace: true
[ 785.547856] amicontained[5]: User Namespace Mappings:
[ 785.548064] amicontained[5]: Container -> 0 Host -> 229834752 Range -> 65536
[ 785.548335] amicontained[5]: Capabilities:
[ 785.548537] amicontained[5]: BOUNDING -> chown dac_override fowner fsetid kill setgid setuid setpcap net_bind_service net_raw sys_chroot mknod audit_write setfcap
[ 785.548679] amicontained[5]: Chroot/PivotRoot: falseunshare
$ sudo unshare --user -r
root@coreos:/home/jessie/.go/src/github.com/jessfraz/amicontained# ./amicontained
Container Runtime: not-found
Host PID Namespace: true
AppArmor Profile: unconfined
User Namespace: true
User Namespace Mappings:
Container -> 0
Host -> 0
Range -> 1
Capabilities:
BOUNDING -> chown dac_override dac_read_search fowner fsetid kill setgid setuid setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace sys_pacct sys_admin sys_boot sys_nice sys_resource sys_time sys_tty_config mknod lease audit_write audit_control setfcap mac_override mac_admin syslog wake_alarm block_suspend audit_read
Chroot/PivotRoot: false