Welcome to the Linux Foundation Forum!

[CKS] Simulator Question 14

Hi,

I was reviewing question 14 (e.g. syscall activity) from the CKS Simulator Kubernetes 1.28 (killer.sh) and I am wondering if anyone have tried to solve it by logging all the syscalls via a custom seccomp profile (e.g. { "defaultAction": "SCMP_ACT_LOG" })?

Here's what I did:
1. Create a custom profile {"defaultAction": "SCMP_ACT_LOG"}
2. Update the deployment to use the custom profile under spec.securityContext.seccompProfile of the pod definition
3. Review the logged syscalls under grep syscall /var/log/syslog
4. Look up the syscall number under grep -w <syscall_number> /usr/include/asm/unistd_64.h

However, I am not sure why none of my logged syscall numbers reflect the KILL command.

Any ideas or feedback on what I may have done wrong? Thank you.

Welcome!

It looks like you're new here. Sign in or register to get started.
Sign In

Welcome!

It looks like you're new here. Sign in or register to get started.
Sign In

Categories

Upcoming Training