How to Install and Uninstall oci-seccomp-bpf-hook Package on openSuSE Tumbleweed

Last updated: December 25,2024

1. Install "oci-seccomp-bpf-hook" package

Please follow the guidance below to install oci-seccomp-bpf-hook on openSuSE Tumbleweed

$ sudo zypper refresh $ sudo zypper install oci-seccomp-bpf-hook

2. Uninstall "oci-seccomp-bpf-hook" package

Please follow the guidance below to uninstall oci-seccomp-bpf-hook on openSuSE Tumbleweed:

$ sudo zypper remove oci-seccomp-bpf-hook

3. Information about the oci-seccomp-bpf-hook package on openSuSE Tumbleweed

Information for package oci-seccomp-bpf-hook:
---------------------------------------------
Repository : openSUSE-Tumbleweed-Oss
Name : oci-seccomp-bpf-hook
Version : 1.2.1-1.5
Arch : x86_64
Vendor : openSUSE
Installed Size : 4,0 MiB
Installed : No
Status : not installed
Source package : oci-seccomp-bpf-hook-1.2.1-1.5.src
Summary : OCI hook to trace syscalls and generate a seccomp profile
Description :
This project provides an OCI hook to generate seccomp profiles by tracing the
syscalls made by the container. The generated profile would allow all the
syscalls made and deny every other syscall.
The syscalls are traced by launching a binary by using the prestart OCI hook.
The binary started spawns a child process which attaches function enter_trace
to the raw_syscalls:sys_enter tracepoint using eBPF. The function looks at all
the syscalls made on the system and writes the syscalls which have the same PID
namespace as the container to the perf buffer. The perf buffer is read by the
process in the userspace and generates a seccomp profile when the container
exits.