A container image that extracts the underlying container runtime and sends it to a remote server. Poke at the underlying container runtime of your favorite CSP container platform!
How does it work?
As shown by runc CVE-2019-5736, traditional Linux container runtimes expose themselves to the containers they’re running through /proc/self/exe . whoc uses this link to read the container runtime executing it.
This is whoc default mode that works against dynamically linked container runtime…