File: 41-containers.rules

package info (click to toggle)
audit 1%3A4.1.2-1
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid
  • size: 4,468 kB
  • sloc: ansic: 61,684; makefile: 1,664; python: 1,647; sh: 417; sed: 32
file content (9 lines) | stat: -rw-r--r-- 439 bytes parent folder | download | duplicates (7) 
1
2
3
4
5
6
7
8
9
 
## Use these rules if you want to log container events
## watch for container creation
-a always,exit -F arch=b32 -S clone -F a0&0x7C020000 -F key=container-create
-a always,exit -F arch=b64 -S clone -F a0&0x7C020000 -F key=container-create

## watch for containers that may change their configuration
-a always,exit -F arch=b32 -S unshare,setns -F key=container-config
-a always,exit -F arch=b64 -S unshare,setns -F key=container-config