Open 0xmachos opened 5 years ago
containers should still be detectable with ls -di, i think. I'm not super familiar with the OSX filesystem, or indeed what options are available with OSX ls (so -di might be out), but i recall it has inodes, and / should always have an inode of 2 - which means you can detect chroots, dockers, etc, by having a poke
Check if we're in chroot, a hypervisor or a VM.
Worth trying to detect
sandbox-exec
or Jailkit?