CHROMIUM: security: Container monitoring LSM

The container monitoring LSM collects information about containerized
processes and relays it to a VMM backend through vsock. It can be enabled
and configured directly from the VMM backend.

Information captured:
- Process arguments.
- Environment variables.
- File layer for overlayfs.
- stdin, stdout and stderr modes.
- Unique identifier for processes.
- Relay container information and link it to existing instances.

Communication with the VMM backend is done through vsock for fast
throughput and low latency. Messages are encoded using protobuf and nanopb.

BUG=chromium:918980
TEST=Build, boot and GCP internal testing.

Signed-off-by: Thomas Garnier <thgarnie@google.com>
Change-Id: I43d6c0db043be7e1b5e0f2ba05e0d112bbb1f223
Reviewed-on: https://chromium-review.googlesource.com/1379657
Reviewed-by: Dmitry Torokhov <dtor@chromium.org>
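The commit message says the LSM ships process records to the VMM backend as protobuf (nanopb) messages over a vsock stream, but the page carries no code and no schema. The block below is an added userspace illustration, not code from this change or from the Chromium kernel tree: it hand-encodes a hypothetical `ProcessEvent` message (assumed field numbers: 1 = id, 2 = argv, 3 = env, 4..6 = stdin/stdout/stderr modes) in protobuf wire format, length-delimits it the way a stream receiver needs, parses a frame back out on the receiving side, and, on Linux, opens an `AF_VSOCK` stream to the host CID. The backend port and the field layout are assumptions, and a real sender would let nanopb generate the encoder from a `.proto` file rather than hand-rolling it.

```c
/* Added example (not the Chromium LSM's code): protobuf-style encoding of a
 * hypothetical ProcessEvent record, length-delimited framing for a vsock
 * byte stream, and the receiver-side frame parser. Field numbers and the
 * message layout are assumptions made for this example. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Bounded output cursor: never writes past cap, records overflow instead. */
struct pb_buf { uint8_t *p; size_t cap; size_t len; int overflow; };

static void pb_byte(struct pb_buf *b, uint8_t v) {
    if (b->len < b->cap) b->p[b->len] = v; else b->overflow = 1;
    b->len++;
}
/* Base-128 varint, the protobuf encoding for wire type 0 and for lengths. */
static void pb_varint(struct pb_buf *b, uint64_t v) {
    while (v >= 0x80) { pb_byte(b, (uint8_t)(v | 0x80)); v >>= 7; }
    pb_byte(b, (uint8_t)v);
}
static void pb_tag(struct pb_buf *b, unsigned field, unsigned wire) {
    pb_varint(b, ((uint64_t)field << 3) | wire);
}
static void pb_uint(struct pb_buf *b, unsigned field, uint64_t v) {
    pb_tag(b, field, 0); pb_varint(b, v);
}
/* Wire type 2: tag, byte length, then the raw bytes (no NUL). */
static void pb_string(struct pb_buf *b, unsigned field, const char *s) {
    size_t n = strlen(s);
    pb_tag(b, field, 2); pb_varint(b, n);
    for (size_t i = 0; i < n; i++) pb_byte(b, (uint8_t)s[i]);
}

/* Assumed schema:  uint64 id = 1; repeated string argv = 2;
 * repeated string env = 3; uint32 stdin_mode = 4, stdout_mode = 5, stderr_mode = 6. */
struct process_event {
    uint64_t id;
    const char *const *argv; size_t argc;
    const char *const *envp; size_t envc;
    uint32_t stdin_mode, stdout_mode, stderr_mode;
};

/* Encodes ev into out; returns the encoded length, or 0 if cap was too small. */
size_t encode_process_event(uint8_t *out, size_t cap, const struct process_event *ev) {
    struct pb_buf b = { out, cap, 0, 0 };
    pb_uint(&b, 1, ev->id);
    for (size_t i = 0; i < ev->argc; i++) pb_string(&b, 2, ev->argv[i]);
    for (size_t i = 0; i < ev->envc; i++) pb_string(&b, 3, ev->envp[i]);
    pb_uint(&b, 4, ev->stdin_mode);
    pb_uint(&b, 5, ev->stdout_mode);
    pb_uint(&b, 6, ev->stderr_mode);
    return b.overflow ? 0 : b.len;
}

/* A stream socket has no message boundaries, so prefix each message with its
 * varint length. Returns framed length, or 0 if it did not fit. */
size_t frame_message(uint8_t *out, size_t cap, const uint8_t *msg, size_t len) {
    struct pb_buf b = { out, cap, 0, 0 };
    pb_varint(&b, len);
    for (size_t i = 0; i < len; i++) pb_byte(&b, msg[i]);
    return b.overflow ? 0 : b.len;
}

/* Receiver side: pull one frame out of `avail` buffered bytes. Returns bytes
 * consumed (prefix + payload), or 0 if the frame is incomplete or malformed,
 * so the caller keeps the bytes and waits for more instead of desyncing. */
size_t read_frame(const uint8_t *in, size_t avail, const uint8_t **payload, size_t *plen) {
    uint64_t v = 0; unsigned shift = 0; size_t i = 0;
    for (;;) {
        if (i >= avail || shift > 63) return 0;   /* truncated or oversized varint */
        uint8_t c = in[i++];
        v |= (uint64_t)(c & 0x7f) << shift;
        if (!(c & 0x80)) break;
        shift += 7;
    }
    if (v > avail - i) return 0;                  /* payload not fully buffered yet */
    *payload = in + i; *plen = (size_t)v;
    return i + (size_t)v;
}

#if defined(__linux__) && defined(__has_include)
#if __has_include(<linux/vm_sockets.h>)
#include <sys/socket.h>
#include <unistd.h>
#include <linux/vm_sockets.h>
/* Connect to the host-side backend (CID 2) on an assumed port; returns fd or -1. */
int vsock_connect_host(unsigned port) {
    int fd = socket(AF_VSOCK, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    struct sockaddr_vm sa; memset(&sa, 0, sizeof sa);
    sa.svm_family = AF_VSOCK; sa.svm_cid = VMADDR_CID_HOST; sa.svm_port = port;
    if (connect(fd, (struct sockaddr *)&sa, sizeof sa) < 0) { close(fd); return -1; }
    return fd;
}
#endif
#endif

int main(void) {
    /* Constructed sample: a shell spawned inside a container. */
    const char *argv[] = { "sh", "-c", "id" };
    struct process_event ev = { 300, argv, 3, NULL, 0, 0, 1, 2 };
    uint8_t msg[64], frame[64];
    size_t n = encode_process_event(msg, sizeof msg, &ev);
    size_t m = frame_message(frame, sizeof frame, msg, n);
    for (size_t i = 0; i < m; i++) printf("%02x ", frame[i]);
    printf("\n");
    return m == 0;
}
```

The bounded cursor matters more than it looks: the kernel side of a monitor like this runs in the exec path with attacker-chosen argv and environment sizes, so an encoder that cannot overrun its buffer (and a parser that refuses truncated or over-long varints rather than reading past the end) is the part worth getting right before worrying about throughput.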