How to Install and Uninstall oci-seccomp-bpf-hook Package on openSuSE Tumbleweed
Last updated: May 20,2024
Deprecated! Installation of this package may no longer be supported.
1. Install "oci-seccomp-bpf-hook" package
Please follow the guidance below to install oci-seccomp-bpf-hook on openSuSE Tumbleweed
$
sudo zypper refresh
Copied
$
sudo zypper install
oci-seccomp-bpf-hook
Copied
2. Uninstall "oci-seccomp-bpf-hook" package
Please follow the guidance below to uninstall oci-seccomp-bpf-hook on openSuSE Tumbleweed:
$
sudo zypper remove
oci-seccomp-bpf-hook
Copied
3. Information about the oci-seccomp-bpf-hook package on openSuSE Tumbleweed
Information for package oci-seccomp-bpf-hook:
---------------------------------------------
Repository : openSUSE-Tumbleweed-Oss
Name : oci-seccomp-bpf-hook
Version : 1.2.1-1.5
Arch : x86_64
Vendor : openSUSE
Installed Size : 4,0 MiB
Installed : No
Status : not installed
Source package : oci-seccomp-bpf-hook-1.2.1-1.5.src
Summary : OCI hook to trace syscalls and generate a seccomp profile
Description :
This project provides an OCI hook to generate seccomp profiles by tracing the
syscalls made by the container. The generated profile would allow all the
syscalls made and deny every other syscall.
The syscalls are traced by launching a binary by using the prestart OCI hook.
The binary started spawns a child process which attaches function enter_trace
to the raw_syscalls:sys_enter tracepoint using eBPF. The function looks at all
the syscalls made on the system and writes the syscalls which have the same PID
namespace as the container to the perf buffer. The perf buffer is read by the
process in the userspace and generates a seccomp profile when the container
exits.
---------------------------------------------
Repository : openSUSE-Tumbleweed-Oss
Name : oci-seccomp-bpf-hook
Version : 1.2.1-1.5
Arch : x86_64
Vendor : openSUSE
Installed Size : 4,0 MiB
Installed : No
Status : not installed
Source package : oci-seccomp-bpf-hook-1.2.1-1.5.src
Summary : OCI hook to trace syscalls and generate a seccomp profile
Description :
This project provides an OCI hook to generate seccomp profiles by tracing the
syscalls made by the container. The generated profile would allow all the
syscalls made and deny every other syscall.
The syscalls are traced by launching a binary by using the prestart OCI hook.
The binary started spawns a child process which attaches function enter_trace
to the raw_syscalls:sys_enter tracepoint using eBPF. The function looks at all
the syscalls made on the system and writes the syscalls which have the same PID
namespace as the container to the perf buffer. The perf buffer is read by the
process in the userspace and generates a seccomp profile when the container
exits.
4. References on openSuSE Tumbleweed
5. The same packages on other Linux Distributions
Popular Linux Distros
Ubuntu
Arch
Linux Mint
Fedora
Kali Linux
Debian
openSuSE
CentOS
Oracle Linux
Rocky Linux
Manjaro
AlmaLinux
Amazon Linux
Red Hat Enterprise Linux