From 04b43ccf64dd5166539743b44a95c9921ddc8a9f Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Mon, 21 Dec 2020 10:10:47 -0500 Subject: Add Security information to podman info When debugging issues, it would be helpful to know the security settings of the system running into the problem. Adding security info to `podman info` is also useful to users. Signed-off-by: Daniel J Walsh --- libpod/info.go | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) (limited to 'libpod/info.go') diff --git a/libpod/info.go b/libpod/info.go index 2f64a107e..1b3550abd 100644 --- a/libpod/info.go +++ b/libpod/info.go @@ -13,6 +13,8 @@ import ( "time" "github.com/containers/buildah" + "github.com/containers/common/pkg/apparmor" + "github.com/containers/common/pkg/seccomp" "github.com/containers/podman/v2/libpod/define" "github.com/containers/podman/v2/libpod/linkmode" "github.com/containers/podman/v2/pkg/cgroups" @@ -20,6 +22,7 @@ import ( "github.com/containers/podman/v2/pkg/rootless" "github.com/containers/storage" "github.com/containers/storage/pkg/system" + "github.com/opencontainers/selinux/go-selinux" "github.com/pkg/errors" "github.com/sirupsen/logrus" ) @@ -98,10 +101,16 @@ func (r *Runtime) hostInfo() (*define.HostInfo, error) { MemFree: mi.MemFree, MemTotal: mi.MemTotal, OS: runtime.GOOS, - Rootless: rootless.IsRootless(), - Slirp4NetNS: define.SlirpInfo{}, - SwapFree: mi.SwapFree, - SwapTotal: mi.SwapTotal, + Security: define.SecurityInfo{ + AppArmorEnabled: apparmor.IsEnabled(), + DefaultCapabilities: strings.Join(r.config.Containers.DefaultCapabilities, ","), + Rootless: rootless.IsRootless(), + SECCOMPEnabled: seccomp.IsEnabled(), + SELinuxEnabled: selinux.GetEnabled(), + }, + Slirp4NetNS: define.SlirpInfo{}, + SwapFree: mi.SwapFree, + SwapTotal: mi.SwapTotal, } // CGroups version -- cgit v1.2.3-54-g00ecf