Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Speaker Deck
PRO
Sign in
Sign up for free
Device access filtering in cgroup v2
KONDO Uchio
October 09, 2021
Technology
0
310
Device access filtering in cgroup v2
第15回 コンテナ技術の情報交換会@オンライン ->
https://ct-study.connpass.com/event/223739/
KONDO Uchio
October 09, 2021
Tweet
Share
More Decks by KONDO Uchio
See All by KONDO Uchio
Narrative of Ruby & Rust
udzura
0
5
開発者生産性指標の可視化 / pepabo-four-keys
udzura
3
500
Talk of RBS
udzura
0
110
Re: みなさん最近どうですか? / FGN tech meetup in 2021
udzura
0
430
Dockerとやわらかい仮想化 - ProSec-IT/SECKUN 2021 edition -
udzura
1
310
"Story of Rucy" on RubyKaigi takeout 2021
udzura
0
260
生産性を可視化したい! / SUZURI's four keys
udzura
11
4.6k
@udzura at prog-lang-sys-ja
udzura
0
32
“Railsな人” のための低レイヤへの招待 / introduction-to-low-level-mruby
udzura
8
3k
Other Decks in Technology
See All in Technology
Puny to Powerful PostgreSQL Rails Apps
andyatkinson
PRO
0
280
Scrum Fest Niigata 2022 開発エンジニアに聞いてみよう!
moritamasami
1
140
プロダクション環境の信頼性を損ねず観測する技術
egmc
4
490
THETA Xの登場はジオ業界を変えるか?
furuhashilab
0
160
Steps toward self-service operations in eureka
fukubaka0825
0
580
次期LTSに備えよ!AOS 6.1 HCI Core 編
smzksts
0
180
How We Foster Reliability in Diversity
nari_ex
PRO
9
2.6k
2022年度ロボットフロンティア第1回
ryuichiueda
0
140
Research Paper Introduction #98 "NSDI 2022 recap"
cafenero_777
0
200
[SRE NEXT 2022]組織に対してSREを適用するとはどういうことか
srenext
0
130
事業の成長と共に歩む、ABEMA SRE探求の歴史 / SRE-Next 2022
nagaa052
0
150
AWS CLI入門_20220513
suzakiyoshito
0
3.8k
Featured
See All Featured
Building Applications with DynamoDB
mza
83
4.6k
The Pragmatic Product Professional
lauravandoore
19
2.9k
Streamline your AJAX requests with AmplifyJS and jQuery
dougneiner
125
8.5k
CoffeeScript is Beautiful & I Never Want to Write Plain JavaScript Again
sstephenson
151
12k
The Language of Interfaces
destraynor
148
20k
The Power of CSS Pseudo Elements
geoffreycrofte
46
3.9k
Reflections from 52 weeks, 52 projects
jeffersonlam
337
17k
Practical Orchestrator
shlominoach
178
8.6k
The Cult of Friendly URLs
andyhume
68
4.7k
Clear Off the Table
cherdarchuk
79
280k
GraphQLとの向き合い方2022年版
quramy
16
8.1k
Infographics Made Easy
chrislema
233
17k
Transcript
ͳΜͰ#1'ͰΔ࣌ͳΜͩͳΝ 6DIJP,POEP(.01FQBCP *OD DHSPVQWͷ σόΠεΞΫηεϑΟϧλ
γχΞɾϓϦϯγύϧΤϯδχΞ ۙ౻ Ӊஐ࿕ / @udzura https://blog.udzura.jp/ Uchio Kondo ٕज़෦ ٕज़ج൫νʔϜ/σʔλج൫νʔϜ
@ GMOϖύϘ ΤϯδχΞΧϑΣʢԬࢢẂנจԽձؗʣ αϙʔλʔ Duolingo Diamond Leaguer 💎 * ͖ͳγεςϜίʔϧ: open_by_handle_at(2) * ͖ͳLinux Namespace: Time Namespace * ࠷ۙݴޠ࣮ʼOSࣗ࡞ʼBPFɺίϯςφɺͱ͍͏ײ͡...
͜Ε·Ͱͷ͋Β͢͡ wF#1'ͱ͍͏ٕज़͕͋Δ w<F#1'DIJLVXBJU>·ͨ<F#1'JENNJ>Ͱݕࡧ wͳΜΧʔωϧͰ҆શߴʹϑΟϧλ͢Δٕज़
F#1'ͷϓϩάϥϜλΠϓ wW w ଟ͗ͯ͢ѲͰ͖ͳ͍ͷͰ ୭͔෩དྷͷγϨϯʹྫ͑ͯ؆ܿʹڭ͑ͯཉ͍͠
BPF_PROG_TYPE_CGROUP_DEVICE
DHSPVQWͷσόΠεΞΫηε੍ݶ wEFWJDFTͱ͍͏αϒγεςϜ͕͋ͬͨ wಛఆͷϑΥʔϚοτͰEFWJDFTBMMPXEFWJDFTEFOZʹॻ͖ࠐΉ IUUQTXXXLFSOFMPSHEPD%PDVNFOUBUJPODHSPVQWEFWJDFTUYU
DHSPVQWͰͷσόΠεΞΫηε੍ݶ wJOUFSGBDFpMF͕ͳ͘ͳΔʢʂʣ w#1'@$(3061@%&7*$&ͳϓϩάϥϜΛDHSPVQʹΞλον͢Δͱͷ͜ͱ wϓϩάϥϜͰΑΓࡉ੍͔͘ޚՄೳԿͳΒྫ͑ϩάΛͨ͠ΓͰ͖Δ IUUQTXXXLFSOFMPSHEPD%PDVNFOUBUJPODHSPVQWUYUɹ
σϞϓϩάϥϜ
ϑΟϧλ͢ΔϓϩάϥϜʢ$Ͱॻ͘ʣ
ϑΟϧλ͢ΔϓϩάϥϜʢ$Ͱॻ͘ʣ ηΫγϣϯ໊ͷࢦఆ EFWVSBOEPNͰ͋ΕΛฦ͢ σϑΥϧτΛฦ͢
Ϗϧυ͢Δ ͖ͬ͞ͷ$ίʔυ͕͜͏͍͏ #1'ϓϩάϥϜʹίϯύΠϧ͞Ε͍ͯΔ
Ξλον͢Δ w΄΅Χʔωϧಉࠝͷ αϯϓϧίʔυͦͷ ··Ͱ͕͢
None
ΧϨϯτϓϩηε͕UFTUCQGʹॴଐ͍ͯ͠Δ WͳͷͰͷߦͷΈݟΔ EFWVSBOEPNʹΞΫηεͰ͖ͳ͍ ʢͪͳΈʹSPPUͰͰ͖·ͤΜʣ ଞͷσόΠε0,
͔͜͜Β༨ஊ
3VDZͱ͍͏ϓϩάϥϜΛ࡞ͬͨ w3VCZͷεΫϦϓτΛ#1'ʹ͠·͢ SVDZίϚϯυͰΦϒδΣΫτϑΝΠϧΛ ੜ͠ɺಉ༷ʹϩʔυ͢Δͱ༗ޮʹͳΔ
Έ Ruby Script mruby OpCodes BPF OpCodes BPF Object (ELF
format) mruby Rucy transpiler wNSVCZͷ0Q$PEFΛ࡞ΓɺͦΕΛ#1'0Q$PEFʹ༁͢Δ
໋ྩηοτͷൺֱʢҰ෦ʣ wNSVCZ wϨδελϚγϯ7.ɺϨδελݸʢݸΛਪʣ w໋ྩՄมɺҾ3 3ɺҙͷϨδελΛฦ٫Մ w#1' wϨδελϚγϯ7.ɺϨδελݸ w໋ྩݪଇݻఆʢCJUɺඞཁͳ߹CJUʣ wҾ3 3ɺฦ٫ඞͣ3
มͷྫ
·ͱΊʁ
ॴײͱ͔ w#1'ϓϩάϥϜͷதͰɺσόΠεΞΫηεϑΟϧλ খ͍࣮͞Ͱࢼ͢͜ͱ͕Ͱ͖ΔͷͰɺ 3VDZͷ࣮Λ͢Δࡍʹςετઌͱͯ͠ศརͩͬͨɻ wΈͳ͞ΜσόΠεΞΫηεϑΟϧλ͔Β#1'࢝Ί·ͤΜ͔ʁ