diff options
| author | Valentin Rothberg <vrothberg@redhat.com> | 2022-09-30 13:50:08 +0200 |
|---|---|---|
| committer | Valentin Rothberg <vrothberg@redhat.com> | 2022-09-30 14:10:21 +0200 |
| commit | 02b0f9fc393ab7bcbc1d555ac4386899daad59fd (patch) | |
| tree | a38708b170e3f3376339eaa4ccb4b68d34103117 /libpod/container_inspect.go | |
| parent | d88acd83a1bdd260fc69e0ff115ff99d55bb7760 (diff) | |
| download | podman-02b0f9fc393ab7bcbc1d555ac4386899daad59fd.tar.gz podman-02b0f9fc393ab7bcbc1d555ac4386899daad59fd.tar.bz2 podman-02b0f9fc393ab7bcbc1d555ac4386899daad59fd.zip | |
container inspect: include image digest
Include the digest of the image in `podman container inspect`. The image
digest is a key information for auditing as it defines the identify of
an image. This way, it can be determined whether a container used an
image with a given CVE etc.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Diffstat (limited to 'libpod/container_inspect.go')
| -rw-r--r-- | libpod/container_inspect.go | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/libpod/container_inspect.go b/libpod/container_inspect.go index e4089efa6..4dc1ca3a5 100644 --- a/libpod/container_inspect.go +++ b/libpod/container_inspect.go @@ -166,6 +166,15 @@ func (c *Container) getContainerInspectData(size bool, driverData *define.Driver IsInfra: c.IsInfra(), IsService: c.IsService(), } + + if config.RootfsImageID != "" { // May not be set if the container was created with --rootfs + image, _, err := c.runtime.libimageRuntime.LookupImage(config.RootfsImageID, nil) + if err != nil { + return nil, err + } + data.ImageDigest = image.Digest().String() + } + if ctrSpec.Process.Capabilities != nil { data.EffectiveCaps = ctrSpec.Process.Capabilities.Effective data.BoundingCaps = ctrSpec.Process.Capabilities.Bounding |