P60658
check-apparmor_seccomp.sh
Active
Public
Authored by JMeybohm on Apr 16 2024, 4:22 PM.
Referenced Files
F47003448: check-apparmor_seccomp.sh
Apr 16 2024, 4:22 PM
2024-04-16 16:22:07 (UTC+0)
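#!/bin/bash
# check-apparmor_seccomp.sh
# Lists all processes in docker containers not running with the docker-default AppArmor profile or not in SECCOMP_MODE_FILTER

# xargs -r: do not run docker inspect when no containers are running (GNU xargs)
docker ps -q | xargs -r docker inspect --format '{{.State.Pid}} {{.Name}}' | while read -r ppid name; do
    # Main container process plus its direct children
    # (pgrep -P does not recurse into grandchildren)
    pids="${ppid} $(pgrep -P "$ppid")"
    # $pids already contains $ppid, so iterate over it alone to avoid reporting the main process twice
    for pid in $pids; do
        # Skip processes that exited after they were listed
        [ -r "/proc/${pid}/status" ] || continue
        # Current AppArmor confinement, e.g. "docker-default (enforce)" or "unconfined"
        apparmor=$(cat "/proc/${pid}/attr/current")
        # Seccomp field in /proc/<pid>/status: 0 = disabled, 1 = strict, 2 = filter
        seccomp=$(grep ^Seccomp: "/proc/${pid}/status" | cut -f2)
        if [ "${apparmor}" != "docker-default (enforce)" ]; then
            echo "${name} ${pid} $(tr '\0' ' ' <"/proc/${pid}/cmdline") is running with AppArmor profile ${apparmor}"
        fi
        if [ "${seccomp}" -lt 2 ]; then
            echo "${name} ${pid} $(tr '\0' ' ' <"/proc/${pid}/cmdline") is running in Seccomp mode ${seccomp}"
        fi
    done
done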
Event Timeline
JMeybohm created this paste. Apr 16 2024, 4:22 PM (2024-04-16 16:22:07 UTC+0)
JMeybohm mentioned this in T273507: PodSecurityPolicies will be deprecated with Kubernetes 1.21. Apr 16 2024, 6:24 PM (2024-04-16 18:24:29 UTC+0)