Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Device access filtering in cgroup v2

Sponsored · Your Podcast. Everywhere. Effortlessly. Share. Educate. Inspire. Entertain. You do you. We'll handle the rest.
Avatar for KONDO Uchio KONDO Uchio
October 09, 2021
Technology
1k
1

Device access filtering in cgroup v2

第15回 コンテナ技術の情報交換会@オンライン -> https://ct-study.connpass.com/event/223739/

Avatar for KONDO Uchio

KONDO Uchio

October 09, 2021

More Decks by KONDO Uchio

See All by KONDO Uchio
大規模レガシーテストを 倒すための CI基盤の作り方 / #CICD2023
Avatar for KONDO Uchio udzura
5
2.6k
Ruby x BPF in Action / RubyKaigi 2022
Avatar for KONDO Uchio udzura
0
310
Narrative of Ruby & Rust
Avatar for KONDO Uchio udzura
0
270
開発者生産性指標の可視化 / pepabo-four-keys
Avatar for KONDO Uchio udzura
3
1.8k
Talk of RBS
Avatar for KONDO Uchio udzura
0
500
Re: みなさん最近どうですか? / FGN tech meetup in 2021
Avatar for KONDO Uchio udzura
0
850
Dockerとやわらかい仮想化 - ProSec-IT/SECKUN 2021 edition -
Avatar for KONDO Uchio udzura
2
810
"Story of Rucy" on RubyKaigi takeout 2021
Avatar for KONDO Uchio udzura
0
920
生産性を可視化したい! / SUZURI's four keys
Avatar for KONDO Uchio udzura
11
5.5k

Other Decks in Technology

See All in Technology
layerx-fde-practices
Avatar for cipepser cipepser
6
2.9k
電子辞書Brainをネットに繋げてみた(自力編)
Avatar for らすぴー raspython3
0
320
オンコールの負荷軽減のためのBits Assistant 活用方法 / How to Use Bits Assistant to Reduce the Workload on On-Call Staff
Avatar for SMS tech sms_tech
1
340
サプライチェーンセキュリティの空白地帯 - 信頼できる”依存性”の未来を考える
Avatar for Hiroki Suezawa (@rung) rung
PRO
2
470
Fabric-cicd によるAzure DevOps デプロイ
Avatar for Ryoma Nagata ryomaru0825
0
150
Claude code Orchestra
Avatar for Taisei Ozaki ozakiomumkj
2
700
GitHub Copilot CLIでWebアクセシビリティを改善した話
Avatar for tomokusaba tomokusaba
0
130
Claude Codeを組織で使いこなす— サーバサイドAIエージェント運用の実践知
Avatar for PERSOL CAREER Dev | techtekt techtekt
PRO
0
130
プラットフォームエンジニア ワークショップ/ platform-workshop
Avatar for Databricks Japan databricksjapan
0
140
Generative UI × A2UI で AI エージェントを作った話 AI-DLC も使ってみた!
Avatar for たけのこ kmiya84377
1
280
Strands Agents超入門
Avatar for KintoTech_Dev kintotechdev
1
140
Java正規表現エンジン(NFA)の仕組みと パフォーマンスを維持するための最適化手法
Avatar for 竹内 雅和 takeuchi_132917
0
150

Featured

See All Featured
Building Better People: How to give real-time feedback that sticks.
Avatar for Will Jessup wjessup
370
20k
The State of eCommerce SEO: How to Win in Today's Products SERPs - #SEOweek
Avatar for Aleyda Solis aleyda
2
11k
Fashionably flexible responsive web design (full day workshop)
Avatar for Andy Clarke malarkey
408
66k
From π to Pie charts
Avatar for Rasagy Sharma rasagy
0
190
Lightning Talk: Beautiful Slides for Beginners
Avatar for Ines Montani inesmontani
PRO
2
560
Six Lessons from altMBA
Avatar for Skipper Chong Warson skipperchong
29
4.3k
Dealing with People You Can't Stand - Big Design 2015
Avatar for Cassini Nazir cassininazir
367
27k
Become a Pro
Avatar for Speaker Deck speakerdeck
PRO
31
6k
Public Speaking Without Barfing On Your Shoes - THAT 2023
Avatar for David Neal reverentgeek
1
410
I Don’t Have Time: Getting Over the Fear to Launch Your Podcast
Avatar for Joe Casabona jcasabona
34
2.8k
Ecommerce SEO: The Keys for Success Now & Beyond - #SERPConf2024
Avatar for Aleyda Solis aleyda
1
2k
10 Git Anti Patterns You Should be Aware of
Avatar for Lemi Orhan Ergin lemiorhan
PRO
659
62k

Transcript

  1. ͳΜͰ΋#1'Ͱ΍Δ࣌୅ͳΜͩͳΝ 6DIJP,POEP(.01FQBCP *OD DHSPVQWͷ σόΠεΞΫηεϑΟϧλ

  2. γχΞɾϓϦϯγύϧΤϯδχΞ ۙ౻ Ӊஐ࿕ / @udzura https://blog.udzura.jp/ Uchio Kondo ٕज़෦ ٕज़ج൫νʔϜ/σʔλج൫νʔϜ

    @ GMOϖύϘ ΤϯδχΞΧϑΣʢ෱Ԭࢢ੺ẂנจԽձؗʣ αϙʔλʔ Duolingo Diamond Leaguer 💎 * ޷͖ͳγεςϜίʔϧ: open_by_handle_at(2) * ޷͖ͳLinux Namespace: Time Namespace * ࠷ۙ͸ݴޠ࣮૷ʼOSࣗ࡞ʼBPFɺίϯςφɺͱ͍͏ײ͡...

  3. ͜Ε·Ͱͷ͋Β͢͡ wF#1'ͱ͍͏ٕज़͕͋Δ w<F#1'DIJLVXBJU>·ͨ͸<F#1'JENNJ>Ͱݕࡧ wͳΜ΍ΧʔωϧͰ҆શߴ଎ʹϑΟϧλ͢Δٕज़

  4. F#1'ͷϓϩάϥϜλΠϓ wW w ଟ͗ͯ͢೺ѲͰ͖ͳ͍ͷͰ ୭͔෩དྷͷγϨϯʹྫ͑ͯ؆ܿʹڭ͑ͯཉ͍͠

  5. BPF_PROG_TYPE_CGROUP_DEVICE

  6. DHSPVQWͷσόΠεΞΫηε੍ݶ wEFWJDFTͱ͍͏αϒγεςϜ͕͋ͬͨ wಛఆͷϑΥʔϚοτͰEFWJDFTBMMPX΍EFWJDFTEFOZʹॻ͖ࠐΉ IUUQTXXXLFSOFMPSHEPD%PDVNFOUBUJPODHSPVQWEFWJDFTUYU

  7. DHSPVQWͰͷσόΠεΞΫηε੍ݶ wJOUFSGBDFpMF͕ͳ͘ͳΔʢʂʣ w#1'@$(3061@%&7*$&ͳϓϩάϥϜΛDHSPVQʹΞλον͢Δͱͷ͜ͱ wϓϩάϥϜͰΑΓࡉ੍͔͘ޚՄೳԿͳΒྫ͑͹ϩάΛ࢒ͨ͠Γ΋Ͱ͖Δ IUUQTXXXLFSOFMPSHEPD%PDVNFOUBUJPODHSPVQWUYUɹ

  8. σϞϓϩάϥϜ

  9. ϑΟϧλ͢ΔϓϩάϥϜʢ$Ͱॻ͘ʣ

  10. ϑΟϧλ͢ΔϓϩάϥϜʢ$Ͱॻ͘ʣ ηΫγϣϯ໊ͷࢦఆ EFWVSBOEPNͰ͋Ε͹Λฦ͢ σϑΥϧτΛฦ͢

  11. Ϗϧυ͢Δ ͖ͬ͞ͷ$ίʔυ͕͜͏͍͏ #1'ϓϩάϥϜʹίϯύΠϧ͞Ε͍ͯΔ

  12. Ξλον͢Δ w΄΅Χʔωϧಉࠝͷ αϯϓϧίʔυͦͷ ··Ͱ͕͢

  13. None

  14. ΧϨϯτϓϩηε͕UFTUCQGʹॴଐ͍ͯ͠Δ WͳͷͰͷߦͷΈݟΔ EFWVSBOEPNʹΞΫηεͰ͖ͳ͍ ʢͪͳΈʹSPPUͰ΋Ͱ͖·ͤΜʣ ଞͷσόΠε͸0,

  15. ͔͜͜Β༨ஊ

  16. 3VDZͱ͍͏ϓϩάϥϜΛ࡞ͬͨ w3VCZͷεΫϦϓτΛ௚઀#1'ʹ͠·͢ SVDZίϚϯυͰΦϒδΣΫτϑΝΠϧΛ ੜ੒͠ɺಉ༷ʹϩʔυ͢Δͱ༗ޮʹͳΔ

  17. ࢓૊Έ Ruby Script mruby OpCodes BPF OpCodes BPF Object (ELF

    format) mruby Rucy transpiler wNSVCZͷ0Q$PEFΛ࡞ΓɺͦΕΛ#1'0Q$PEFʹ຋༁͢Δ

  18. ໋ྩηοτͷൺֱʢҰ෦ʣ wNSVCZ wϨδελϚγϯ7.ɺϨδελ͸ݸʢݸΛਪ঑ʣ w໋ྩ͸Մม௕ɺҾ਺͸3 3ɺ೚ҙͷϨδελΛฦ٫Մ w#1' wϨδελϚγϯ7.ɺϨδελ͸ݸ w໋ྩ͸ݪଇݻఆ௕ʢCJUɺඞཁͳ৔߹CJUʣ wҾ਺͸3 3ɺฦ٫஋͸ඞͣ3

  19. ม׵ͷྫ

  20. ·ͱΊʁ

  21. ॴײͱ͔ w#1'ϓϩάϥϜͷதͰ΋ɺσόΠεΞΫηεϑΟϧλ͸ খ͍࣮͞૷Ͱࢼ͢͜ͱ͕Ͱ͖ΔͷͰɺ 3VDZͷ࣮૷Λ͢Δࡍʹςετઌͱͯ͠ศརͩͬͨɻ wΈͳ͞Μ΋σόΠεΞΫηεϑΟϧλ͔Β#1'࢝Ί·ͤΜ͔ʁ