Add Docker support

Question

Add Docker support

Closed this issue 3 years ago · 2 comments

Implement support for tracing and enforcing policy on Docker containers. To do this, we need to trace Docker itself as well as the containerd-shim that spawns Docker containers. We then need a way to associate a given policy with a given Docker container (according to the base image?).

Answer 1 · 2021-08-18T17:46:10.000Z

The "shiplift" crate can be used to export information about Docker containers. This crate sounds perfect for associating a BPFContain policy with a running Docker container.

Answer 2 · 2021-08-18T17:46:32.000Z

Ian Pye's talk at the 2021 BPF summit discusses using this crate with eBPF and Rust.