[CKS] Simulator Question 14

ctufindgood

Hi,

I was reviewing question 14 (e.g. syscall activity) from the CKS Simulator Kubernetes 1.28 (killer.sh) and I am wondering if anyone have tried to solve it by logging all the syscalls via a custom seccomp profile (e.g. { "defaultAction": "SCMP_ACT_LOG" })?

Here's what I did:
1. Create a custom profile {"defaultAction": "SCMP_ACT_LOG"}
2. Update the deployment to use the custom profile under spec.securityContext.seccompProfile of the pod definition
3. Review the logged syscalls under grep syscall /var/log/syslog
4. Look up the syscall number under grep -w <syscall_number> /usr/include/asm/unistd_64.h

However, I am not sure why none of my logged syscall numbers reflect the KILL command.

Any ideas or feedback on what I may have done wrong? Thank you.