Question 1

How to check seccomp blocked syscalls with amicontained?

Accepted Answer

Run amicontained in your container; it automatically lists blocked syscalls under 'Seccomp: filtering' in the output, as shown in the Docker examples. This helps audit security profiles without manual inspection.

Question 2

What container runtimes does amicontained support?

Accepted Answer

It supports Docker, LXC, systemd-nspawn, and rkt, as evidenced by the detailed examples in the README. However, it may report 'not-found' for non-standard or unshare environments.

Question 3

Can amicontained detect Kubernetes pod security contexts?

Accepted Answer

No, amicontained is designed for container-level introspection and doesn't specifically integrate with Kubernetes pod settings. You'd need to run it inside individual pods to gather data.

Question 4

How to interpret user namespace mappings from amicontained output?

Accepted Answer

The output shows mappings like 'Container -> 0, Host -> 886432, Range -> 65536', indicating ID translations. This is useful for debugging privilege escalation or isolation issues in user namespaces.

Question 5

amicontained vs docker inspect for security auditing?

Accepted Answer

amicontained provides a consolidated, security-focused view across multiple runtimes, while docker inspect is Docker-specific and more verbose. Use amicontained for cross-runtime audits, but rely on docker inspect for detailed Docker-native configurations.

Question 6

Is amicontained suitable for production monitoring?

Accepted Answer

Not ideally; it's a one-shot diagnostic tool without logging or alerting features. For production, pair it with other tools like Falco or SELinux for continuous security monitoring.

amicontained

What is amicontained?

Overview

Use Cases

Best For

Related Projects

Found a gem we're missing?

Not Ideal For

Pros & Cons

Pros

Cons

Frequently Asked Questions