Commit 20ee4b09 authored by Thomas Garnier, committed by chrome-bot

CHROMIUM: security: Container monitoring LSM
The container monitoring LSM collects information about containerized
processes and relays it to a VMM backend through vsock. It can be enabled
and configured directly from the VMM backend.

Information captured:
 - Process arguments.
 - Environment variables.
 - File layer for overlayfs.
 - stdin, stdout and stderr modes.
 - Unique identifier for processes.
 - Relay container information and link it to existing instances.

Communication with the VMM backend is done through vsock for fast
throughput and low latency. Messages are encoded using protobuf and
nanopb.

BUG=chromium:918980
TEST=Build, boot and GCP internal testing.

Signed-off-by: Thomas Garnier <thgarnie@google.com>
Change-Id: I43d6c0db043be7e1b5e0f2ba05e0d112bbb1f223
Reviewed-on: https://chromium-review.googlesource.com/1379657
Reviewed-by: Dmitry Torokhov <dtor@chromium.org>
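As an added illustration that is not code from this commit or from the Chromium OS kernel, the Python sketch below shows, in user space, the shape of the record the message describes (process arguments, environment, stdin/stdout/stderr modes, a unique process identifier) and how such a record is put on the wire as protobuf length-delimited and varint fields before being framed for a stream transport such as vsock. The field numbers, the record layout, the `fd_kind` classification and the sample values are assumptions; the LSM's real .proto schema and its nanopb-generated C code are not reproduced.

```python
import os
import stat
import sys

# Hypothetical field numbers; the commit's actual .proto schema is not on the page.
F_PID, F_ARGV, F_ENV, F_STDIO, F_UID = 1, 2, 3, 4, 5
WT_VARINT, WT_LEN = 0, 2  # protobuf wire types: varint, length-delimited


def encode_varint(n: int) -> bytes:
    """Protobuf base-128 varint for an unsigned integer."""
    if n < 0:
        raise ValueError("unsigned values only")
    out = bytearray()
    while True:
        byte = n & 0x7F
        n >>= 7
        if n:
            out.append(byte | 0x80)  # continuation bit set: more bytes follow
        else:
            out.append(byte)
            return bytes(out)


def decode_varint(buf: bytes, pos: int):
    """Read one varint at buf[pos]; return (value, new position)."""
    result, shift = 0, 0
    while True:
        b = buf[pos]
        pos += 1
        result |= (b & 0x7F) << shift
        shift += 7
        if not b & 0x80:
            return result, pos


def field_varint(field_no: int, value: int) -> bytes:
    return encode_varint((field_no << 3) | WT_VARINT) + encode_varint(value)


def field_bytes(field_no: int, payload: bytes) -> bytes:
    return encode_varint((field_no << 3) | WT_LEN) + encode_varint(len(payload)) + payload


def fd_kind(fd: int) -> str:
    """Classify a descriptor the way a monitor would report stdio modes (assumed labels)."""
    try:
        m = os.fstat(fd).st_mode
    except OSError:
        return "closed"
    for pred, name in ((stat.S_ISCHR, "char"), (stat.S_ISFIFO, "pipe"),
                       (stat.S_ISREG, "file"), (stat.S_ISSOCK, "socket")):
        if pred(m):
            return name
    return "other"


def build_record(pid, argv, environ, stdio_kinds, unique_id) -> dict:
    # Environment is sorted so records for the same process compare equal (assumption).
    return {"pid": pid, "argv": list(argv),
            "env": [f"{k}={v}" for k, v in sorted(environ.items())],
            "stdio": list(stdio_kinds), "uid": unique_id}


def encode_record(rec: dict) -> bytes:
    out = bytearray(field_varint(F_PID, rec["pid"]))
    for a in rec["argv"]:
        out += field_bytes(F_ARGV, a.encode())
    for e in rec["env"]:
        out += field_bytes(F_ENV, e.encode())
    for s in rec["stdio"]:
        out += field_bytes(F_STDIO, s.encode())
    out += field_bytes(F_UID, rec["uid"].encode())
    return bytes(out)


def decode_record(buf: bytes) -> dict:
    """Backend-side decoder; unknown wire types are rejected rather than skipped."""
    rec = {"pid": 0, "argv": [], "env": [], "stdio": [], "uid": ""}
    pos = 0
    while pos < len(buf):
        key, pos = decode_varint(buf, pos)
        field_no, wt = key >> 3, key & 7
        if wt == WT_VARINT:
            val, pos = decode_varint(buf, pos)
            if field_no == F_PID:
                rec["pid"] = val
        elif wt == WT_LEN:
            ln, pos = decode_varint(buf, pos)
            text, pos = buf[pos:pos + ln].decode(), pos + ln
            target = {F_ARGV: "argv", F_ENV: "env", F_STDIO: "stdio"}.get(field_no)
            if target:
                rec[target].append(text)
            elif field_no == F_UID:
                rec["uid"] = text
        else:
            raise ValueError(f"unsupported wire type {wt}")
    return rec


def frame(msg: bytes) -> bytes:
    """Length-prefix one message so a stream reader can split consecutive records."""
    return encode_varint(len(msg)) + msg


def sample_record() -> dict:
    # Constructed sample values, not captured from a real container.
    return build_record(4242, ["/bin/sh", "-c", "id"], {"PATH": "/usr/bin", "HOME": "/root"},
                        ["pipe", "pipe", "file"], "4242:START-TIME-PLACEHOLDER")


if __name__ == "__main__":
    live = build_record(os.getpid(), sys.argv, dict(os.environ),
                        [fd_kind(fd) for fd in (0, 1, 2)], f"{os.getpid()}:START-TIME-PLACEHOLDER")
    wire = frame(encode_record(live))
    print(len(wire), "bytes framed;", decode_record(wire[len(encode_varint(len(wire) - 1)):]) == live)
```

The unique identifier is shown as a `pid:start-time` placeholder because a PID alone is reused across the life of a VM; pairing it with a start-time-like value is one common way to keep records distinguishable, and the backend can use that key to link a process record to the container instance it already knows about.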
parent 771ac38c