Caleb Brown

Results: 97 comments by Caleb Brown

The strace parsing from gVisor needs much more improvement to avoid these parsing errors. The plan is to look into gVisor's support for connecting to the sentry via a UNIX...

I figured out a possible way to do this. The `runsc events` command supports the ability to `-stream` debug events. By passing `-strace` and `-strace-event` to the `runsc` binary at...

I haven't found any documentation, but the code isn't terribly hard to follow (see https://github.com/google/gvisor/blob/master/pkg/eventchannel/processor.go and https://github.com/google/gvisor/blob/master/pkg/eventchannel/event.go). It's a binary stream consisting of a `binary.Uvarint()` message length followed by an...

For reference, here is the output from `runsc events -stream` from `/bin/bash -c "while true; do echo 'hi' ; done"`:

```
...
2022-08-04 08:49:43.044082455 +0000 UTC m=+5.865181584 gvisor.Strace { process:"bash"...
```

Currently we manually query the BigQuery dataset directly using SQL to hunt for suspicious activity. What I had in mind here is using something like [Sigma](https://github.com/SigmaHQ/sigma) rules (similar to Yara/Snort...

It also appears as though packages are not immutable for the same version. I suspect we want to name them based on a hash of the file (or the integrity...

A workaround is to create/edit `/etc/docker/daemon.json` with the following:

```
{
  "default-cgroupns-mode": "host"
}
```

This should be achievable by using https://pkg.go.dev/github.com/google/go-containerregistry/pkg/v1/remote#Get to check if the image is accessible.

Is your suggestion related to expanding the coverage of dynamic analysis, verifying that unsafe/undesired behaviour isn't occurring, or both? As far as expanding coverage goes we've thought about perhaps running...