Linux cgroup membership enumeration for container forensics.
Enumerates cgroup memberships for processes to identify container isolation (Docker, LXC, Kubernetes pods) and resource limits. Forensically significant for detecting containerized malware or container escapes.
MITRE ATT&CK T1610 — Deploy Container.
Re-exports
pub use crate::heuristics::classify_cgroup;
Structs
- CgroupInfo - Cgroup membership information extracted from a process’s task_struct.
Functions
- walk_cgroups - Walk cgroup membership information for each process in the provided list.