
Exploit: check ptrace

cdxy edited this page Dec 3, 2020 · 2 revisions

Exploit: check-ptrace

Checks whether the container has the cap=SYS_PTRACE capability. A container that has both this capability and the host PID namespace shared (--pid=host) can be escaped by injecting into a host process.
This script checks whether the container has the cap=SYS_PTRACE capability, then prints the list of processes visible inside the container.
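To audit a workload for the two conditions described above, the following added example (not CDK's own code) tests the CAP_SYS_PTRACE bit in the `CapEff` mask of `/proc/self/status` and checks for a shared host PID namespace. The function names are hypothetical, and treating a visible `kthreadd` at PID 2 as evidence of the host PID namespace is a heuristic assumed here.

```go
package main

import (
	"bufio"
	"fmt"
	"os"
	"strconv"
	"strings"
)

// capSysPtrace is the bit index of CAP_SYS_PTRACE in linux/capability.h.
const capSysPtrace = 19

// effectiveHasCap parses the CapEff line of /proc/<pid>/status text and
// reports whether the given capability bit is set.
func effectiveHasCap(status string, bit uint) (bool, error) {
	sc := bufio.NewScanner(strings.NewReader(status))
	for sc.Scan() {
		fields := strings.Fields(sc.Text())
		if len(fields) == 2 && fields[0] == "CapEff:" {
			mask, err := strconv.ParseUint(fields[1], 16, 64)
			if err != nil {
				return false, fmt.Errorf("bad CapEff value %q: %w", fields[1], err)
			}
			return mask&(1<<bit) != 0, nil
		}
	}
	return false, fmt.Errorf("no CapEff line found")
}

// sharesHostPID is a heuristic (assumption of this example): kthreadd is a
// kernel thread at PID 2, visible only from the initial PID namespace.
func sharesHostPID(pid2Comm string) bool {
	return strings.TrimSpace(pid2Comm) == "kthreadd"
}

// atRisk is true only when both conditions named on this page hold.
func atRisk(status, pid2Comm string) (bool, error) {
	ptrace, err := effectiveHasCap(status, capSysPtrace)
	return ptrace && sharesHostPID(pid2Comm), err
}

func main() {
	status, _ := os.ReadFile("/proc/self/status")
	comm, _ := os.ReadFile("/proc/2/comm") // absent => not host PID namespace
	risk, err := atRisk(string(status), string(comm))
	fmt.Println("SYS_PTRACE + host PID namespace:", risk, "error:", err)
}
```

A `true` result means the container should be redeployed without `--cap-add=SYS_PTRACE` or without `--pid=host`; either change removes the combination this page checks for.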

Further Exploit: https://github.com/gaffe23/linux-inject

Usage

./cdk run check-ptrace

Example

./cdk run check-ptrace