Skip to content

xek/capabilities_tracker

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

9 Commits
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
Makefile
Makefile
 
 
README.md
README.md
 
 
capabilities-tracker
capabilities-tracker
 
 
capabilities_tracker.json
capabilities_tracker.json
 
 
capable-hook
capable-hook
 
 
cgroupid.c
cgroupid.c
 
 

Repository files navigation

Capabilities Tracker

This adds the capable bcc tracer to podman using oci-hooks.

Installation

  1. Install the dependencies:
dnf install bpftool bcc gcc glibc-static
  1. Run make && sudo make install in the project directory to install

Usage

  1. Run the capabilities-tracker
  2. Start your container with podman run --annotation io.containers.trace-capabilities=true ...
  3. Check out the stdout of the capabilities-tracker process

Issues

If you get permission denied errors in /sys/fs/bpf with SELinux, you can enable access with:

# ausearch -c 'bpftool' --raw | audit2allow -M my-bpftool
# semodule -X 300 -i my-bpftool.pp

Uninstall

Uninstall with make uninstall

About

Capabilities Tracker

Resources

Readme

License

Apache-2.0 license
Activity

Stars

2 stars

Watchers

3 watching

Forks

3 forks
Report repository

Releases

No releases published

Packages

 
 
 

Languages