github.com/inspektor-gadget/inspektor-gadget@v0.28.1/docs/crds/gadgets/audit-seccomp.md

github.com/inspektor-gadget/inspektor-gadget@v0.28.1/docs/crds/gadgets/audit-seccomp.md (about)

     1  ---
     2  # Code generated by 'make generate-documentation'. DO NOT EDIT.
     3  title: Gadget audit-seccomp
     4  ---
     5  
     6  The Audit Seccomp gadget provides a stream of events with syscalls that had
     7  their seccomp filters generating an audit log. An audit log can be generated in
     8  one of those two conditions:
     9  
    10  * The Seccomp profile has the flag SECCOMP_FILTER_FLAG_LOG (currently
    11    [unsupported by runc](https://github.com/opencontainers/runc/pull/3390)) and
    12    returns any action other than SECCOMP_RET_ALLOW.
    13  * The Seccomp profile does not have the flag SECCOMP_FILTER_FLAG_LOG but
    14    returns SCMP_ACT_LOG or SCMP_ACT_KILL*.
    15  
    16  
    17  ### Example CR
    18  
    19  ```yaml
    20  apiVersion: gadget.kinvolk.io/v1alpha1
    21  kind: Trace
    22  metadata:
    23    name: audit-seccomp
    24    namespace: gadget
    25  spec:
    26    node: minikube
    27    gadget: audit-seccomp
    28    runMode: Manual
    29    outputMode: Stream
    30  ```
    31  
    32  ### Operations
    33  
    34  
    35  #### start
    36  
    37  Start audit seccomp
    38  
    39  ```bash
    40  $ kubectl annotate -n gadget trace/audit-seccomp \
    41      gadget.kinvolk.io/operation=start
    42  ```
    43  #### stop
    44  
    45  Stop audit seccomp
    46  
    47  ```bash
    48  $ kubectl annotate -n gadget trace/audit-seccomp \
    49      gadget.kinvolk.io/operation=stop
    50  ```
    51  
    52  ### Output Modes
    53  
    54  * Stream