{"id":13416404,"url":"https://github.com/genuinetools/amicontained","last_synced_at":"2026-01-12T02:56:50.852Z","repository":{"id":45505146,"uuid":"99297933","full_name":"genuinetools/amicontained","owner":"genuinetools","description":"Container introspection tool. Find out what container runtime is being used as well as features available.","archived":false,"fork":false,"pushed_at":"2020-12-09T04:37:59.000Z","size":3396,"stargazers_count":1032,"open_issues_count":7,"forks_count":69,"subscribers_count":34,"default_branch":"master","last_synced_at":"2025-05-15T07:03:40.959Z","etag":null,"topics":["apparmor","capabilities","container-introspection","containers","docker","libvirt","linux","lxc","namespaces","opencontainers","openvz","rkt","security","systemd-nspawn"],"latest_commit_sha":null,"homepage":null,"language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/genuinetools.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2017-08-04T03:13:18.000Z","updated_at":"2025-05-14T03:54:04.000Z","dependencies_parsed_at":"2022-08-12T11:52:13.085Z","dependency_job_id":null,"html_url":"https://github.com/genuinetools/amicontained","commit_stats":null,"previous_names":["jessfraz/amicontained"],"tags_count":25,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/genuinetools%2Famicontained","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/genuinetools%2Famicontained/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/genuinetools%2Famicontained/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/genuinetools%2Famicontained/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/genuinetools","download_url":"https://codeload.github.com/genuinetools/amicontained/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254291961,"owners_count":22046424,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["apparmor","capabilities","container-introspection","containers","docker","libvirt","linux","lxc","namespaces","opencontainers","openvz","rkt","security","systemd-nspawn"],"created_at":"2024-07-30T21:00:58.337Z","updated_at":"2026-01-12T02:56:50.846Z","avatar_url":"https://github.com/genuinetools.png","language":"Go","funding_links":[],"categories":["Docker Images","Go","文章","Container Specific"],"sub_categories":["Base Tools"],"readme":"# amicontained\n\n[![make-all](https://github.com/genuinetools/amicontained/workflows/make%20all/badge.svg)](https://github.com/genuinetools/amicontained/actions?query=workflow%3A%22make+all%22)\n[![make-image](https://github.com/genuinetools/amicontained/workflows/make%20image/badge.svg)](https://github.com/genuinetools/amicontained/actions?query=workflow%3A%22make+image%22)\n[![GoDoc](https://img.shields.io/badge/godoc-reference-5272B4.svg?style=for-the-badge)](https://godoc.org/github.com/genuinetools/amicontained)\n[![Github All Releases](https://img.shields.io/github/downloads/genuinetools/amicontained/total.svg?style=for-the-badge)](https://github.com/genuinetools/amicontained/releases)\n\nContainer introspection tool. Find out what container runtime is being used as\nwell as features available.\n\n\u003c!-- START doctoc generated TOC please keep comment here to allow auto update --\u003e\n\u003c!-- DON'T EDIT THIS SECTION, INSTEAD RE-RUN doctoc TO UPDATE --\u003e\n**Table of Contents**\n\n- [Installation](#installation)\n    - [Binaries](#binaries)\n    - [Via Go](#via-go)\n- [Usage](#usage)\n- [Examples](#examples)\n    - [docker](#docker)\n    - [lxc](#lxc)\n    - [systemd-nspawn](#systemd-nspawn)\n    - [rkt](#rkt)\n    - [unshare](#unshare)\n\n\u003c!-- END doctoc generated TOC please keep comment here to allow auto update --\u003e\n\n## Installation\n\n#### Binaries\n\nFor installation instructions from binaries please visit the [Releases Page](https://github.com/genuinetools/amicontained/releases).\n\n#### Via Go\n\n```bash\n$ go get github.com/genuinetools/amicontained\n```\n\n## Usage\n\n```console\n$ amicontained -h\namicontained -  A container introspection tool.\n\nUsage: amicontained \u003ccommand\u003e\n\nFlags:\n\n  -d  enable debug logging (default: false)\n\nCommands:\n\n  version  Show the version information.\n```\n\n## Examples\n\n#### docker\n\n```console\n$ docker run --rm -it r.j3ss.co/amicontained\nContainer Runtime: docker\nHas Namespaces:\n        pid: true\n        user: true\nUser Namespace Mappings:\n\tContainer -\u003e 0\n\tHost -\u003e 886432\n\tRange -\u003e 65536\nAppArmor Profile: docker-default (enforce)\nCapabilities:\n\tBOUNDING -\u003e chown dac_override fowner fsetid kill setgid setuid setpcap net_bind_service net_raw sys_chroot mknod audit_write setfcap\nSeccomp: filtering\nBlocked Syscalls (57):\n    MSGRCV PTRACE SYSLOG SETPGID SETSID USELIB USTAT SYSFS VHANGUP PIVOT_ROOT _SYSCTL ACCT SETTIMEOFDAY MOUNT UMOUNT2 SWAPON SWAPOFF REBOOT SETHOSTNAME SETDOMAINNAME IOPL IOPERM CREATE_MODULE INIT_MODULE DELETE_MODULE GET_KERNEL_SYMS QUERY_MODULE QUOTACTL NFSSERVCTL GETPMSG PUTPMSG AFS_SYSCALL TUXCALL SECURITY LOOKUP_DCOOKIE CLOCK_SETTIME VSERVER MBIND SET_MEMPOLICY GET_MEMPOLICY KEXEC_LOAD ADD_KEY REQUEST_KEY KEYCTL MIGRATE_PAGES UNSHARE MOVE_PAGES PERF_EVENT_OPEN FANOTIFY_INIT NAME_TO_HANDLE_AT OPEN_BY_HANDLE_AT CLOCK_ADJTIME SETNS PROCESS_VM_READV PROCESS_VM_WRITEV KCMP FINIT_MODULE\n\n$ docker run --rm -it --pid host r.j3ss.co/amicontained\nContainer Runtime: docker\nHas Namespaces:\n        pid: false\n        user: false\nAppArmor Profile: docker-default (enforce)\nCapabilities:\n\tBOUNDING -\u003e chown dac_override fowner fsetid kill setgid setuid setpcap net_bind_service net_raw sys_chroot mknod audit_write setfcap\nSeccomp: filtering\nBlocked Syscalls (57):\n    MSGRCV PTRACE SYSLOG SETPGID SETSID USELIB USTAT SYSFS VHANGUP PIVOT_ROOT _SYSCTL ACCT SETTIMEOFDAY MOUNT UMOUNT2 SWAPON SWAPOFF REBOOT SETHOSTNAME SETDOMAINNAME IOPL IOPERM CREATE_MODULE INIT_MODULE DELETE_MODULE GET_KERNEL_SYMS QUERY_MODULE QUOTACTL NFSSERVCTL GETPMSG PUTPMSG AFS_SYSCALL TUXCALL SECURITY LOOKUP_DCOOKIE CLOCK_SETTIME VSERVER MBIND SET_MEMPOLICY GET_MEMPOLICY KEXEC_LOAD ADD_KEY REQUEST_KEY KEYCTL MIGRATE_PAGES UNSHARE MOVE_PAGES PERF_EVENT_OPEN FANOTIFY_INIT NAME_TO_HANDLE_AT OPEN_BY_HANDLE_AT CLOCK_ADJTIME SETNS PROCESS_VM_READV PROCESS_VM_WRITEV KCMP FINIT_MODULE\n\n$ docker run --rm -it --security-opt \"apparmor=unconfined\" r.j3ss.co/amicontained\nContainer Runtime: docker\nHas Namespaces:\n        pid: true\n        user: false\nAppArmor Profile: unconfined\nCapabilities:\n\tBOUNDING -\u003e chown dac_override fowner fsetid kill setgid setuid setpcap net_bind_service net_raw sys_chroot mknod audit_write setfcap\nSeccomp: filtering\nBlocked Syscalls (57):\n    MSGRCV PTRACE SYSLOG SETPGID SETSID USELIB USTAT SYSFS VHANGUP PIVOT_ROOT _SYSCTL ACCT SETTIMEOFDAY MOUNT UMOUNT2 SWAPON SWAPOFF REBOOT SETHOSTNAME SETDOMAINNAME IOPL IOPERM CREATE_MODULE INIT_MODULE DELETE_MODULE GET_KERNEL_SYMS QUERY_MODULE QUOTACTL NFSSERVCTL GETPMSG PUTPMSG AFS_SYSCALL TUXCALL SECURITY LOOKUP_DCOOKIE CLOCK_SETTIME VSERVER MBIND SET_MEMPOLICY GET_MEMPOLICY KEXEC_LOAD ADD_KEY REQUEST_KEY KEYCTL MIGRATE_PAGES UNSHARE MOVE_PAGES PERF_EVENT_OPEN FANOTIFY_INIT NAME_TO_HANDLE_AT OPEN_BY_HANDLE_AT CLOCK_ADJTIME SETNS PROCESS_VM_READV PROCESS_VM_WRITEV KCMP FINIT_MODULE\n```\n\n#### lxc\n\n```console\n$ lxc-attach -n xenial\nroot@xenial:/# amicontained\nContainer Runtime: lxc\nHas Namespaces:\n        pid: true\n        user: true\nUser Namespace Mappings:\n\tContainer -\u003e 0\tHost -\u003e 100000\tRange -\u003e 65536\nAppArmor Profile: none\nCapabilities:\n\tBOUNDING -\u003e chown dac_override dac_read_search fowner fsetid kill setgid setuid setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw ipc_lock ipc_owner sys_chroot sys_ptrace sys_pacct sys_admin sys_boot sys_nice sys_resource sys_tty_config mknod lease audit_write audit_control setfcap syslog wake_alarm block_suspend audit_read\n\n$ lxc-execute -n xenial -- /bin/amicontained\nContainer Runtime: lxc\nHas Namespaces:\n        pid: true\n        user: true\nUser Namespace Mappings:\n\tContainer -\u003e 0\tHost -\u003e 100000\tRange -\u003e 65536\nAppArmor Profile: none\nCapabilities:\n\tBOUNDING -\u003e chown dac_override dac_read_search fowner fsetid kill setgid setuid setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw ipc_lock ipc_owner sys_chroot sys_ptrace sys_pacct sys_admin sys_boot sys_nice sys_resource sys_tty_config mknod lease audit_write audit_control setfcap syslog wake_alarm block_suspend audit_read\n```\n\n#### systemd-nspawn\n\n```console\n$ sudo systemd-nspawn --machine amicontained --directory nspawn-amicontained /usr/bin/amicontained\nSpawning container amicontained on /home/genuinetools/nspawn-amicontained.\nPress ^] three times within 1s to kill container.\nTimezone UTC does not exist in container, not updating container timezone.\nContainer Runtime: systemd-nspawn\nHas Namespaces:\n        pid: true\n        user: false\nAppArmor Profile: none\nCapabilities:\n\tBOUNDING -\u003e chown dac_override dac_read_search fowner fsetid kill setgid setuid setpcap linux_immutable net_bind_service net_broadcast net_raw ipc_owner sys_chroot sys_ptrace sys_admin sys_boot sys_nice sys_resource sys_tty_config mknod lease audit_write audit_control setfcap\nContainer amicontained exited successfully.\n```\n\n#### rkt\n\n```console\n$ sudo rkt --insecure-options=image run docker://r.j3ss.co/amicontained\n[  631.522121] amicontained[5]: Container Runtime: rkt\n[  631.522471] amicontained[5]: Host PID Namespace: false\n[  631.522617] amicontained[5]: AppArmor Profile: none\n[  631.522768] amicontained[5]: User Namespace: false\n[  631.522922] amicontained[5]: Capabilities:\n[  631.523075] amicontained[5]: \tBOUNDING -\u003e chown dac_override fowner fsetid kill setgid setuid setpcap net_bind_service net_raw sys_chroot mknod audit_write setfcap\n\n$ sudo rkt --insecure-options=image run  --private-users=true --no-overlay docker://r.j3ss.co/amicontained\n[  785.547050] amicontained[5]: Container Runtime: rkt\n[  785.547360] amicontained[5]: Host PID Namespace: false\n[  785.547567] amicontained[5]: AppArmor Profile: none\n[  785.547717] amicontained[5]: User Namespace: true\n[  785.547856] amicontained[5]: User Namespace Mappings:\n[  785.548064] amicontained[5]: \tContainer -\u003e 0\tHost -\u003e 229834752\tRange -\u003e 65536\n[  785.548335] amicontained[5]: Capabilities:\n[  785.548537] amicontained[5]: \tBOUNDING -\u003e chown dac_override fowner fsetid kill setgid setuid setpcap net_bind_service net_raw sys_chroot mknod audit_write setfcap\n```\n\n#### unshare\n\n```console\n$ sudo unshare --user -r\nroot@coreos:/home/jessie/.go/src/github.com/genuinetools/amicontained# ./amicontained\nContainer Runtime: not-found\nHas Namespaces:\n        pid: false\n        user: true\nUser Namespace Mappings:\n\tContainer -\u003e 0\n\tHost -\u003e 0\n\tRange -\u003e 1\nAppArmor Profile: unconfined\nCapabilities:\n\tBOUNDING -\u003e chown dac_override dac_read_search fowner fsetid kill setgid setuid setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace sys_pacct sys_admin sys_boot sys_nice sys_resource sys_time sys_tty_config mknod lease audit_write audit_control setfcap mac_override mac_admin syslog wake_alarm block_suspend audit_read\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgenuinetools%2Famicontained","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fgenuinetools%2Famicontained","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgenuinetools%2Famicontained/lists"}