This adds the capable bcc tracer to podman using oci-hooks.
- Install the dependencies:
dnf install bpftool bcc gcc glibc-static
- Run
make && sudo make installin the project directory to install
- Run the
capabilities-tracker - Start your container with
podman run --annotation io.containers.trace-capabilities=true ... - Check out the stdout of the
capabilities-trackerprocess
If you get permission denied errors in /sys/fs/bpf with SELinux, you can enable access with:
# ausearch -c 'bpftool' --raw | audit2allow -M my-bpftool
# semodule -X 300 -i my-bpftool.pp
Uninstall with make uninstall