Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 03 Feb 2017 21:13:29 +0000
From: Jessica Frazelle <me@...sfraz.com>
To: Vincent Batts <vbatts@...hbangbash.com>
Cc: Thomas Garnier <thgarnie@...gle.com>, 
	Kernel Hardening <kernel-hardening@...ts.openwall.com>
Subject: Re: Container Hardening

Thanks, I'll check it out.

On Fri, Feb 3, 2017 at 12:48 PM Vincent Batts <vbatts@...hbangbash.com>
wrote:

> Jess,
>
> In the vein of your proposal (
> https://gist.github.com/jessfraz/3a84023ff85471696ee33a20031b9e7b),
> there was recently a systemtap (http://sourceware.org/systemtap/) script
> written to output some of this data that is not generally accessible
> from userspace.
>
> Will Cohen was nice enough to upload this and a quick write-up on it's
> usage.
>
> https://github.com/wcohen/linux-instrumentation/blob/master/container_check.md
>
> Where this can show when a "badcap" is encountered, or just to see the
> profile of capabilities and syscalls used.
>
> vb
>
>
>

Content of type "text/html" skipped

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.