Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Device access filtering in cgroup v2
Search
KONDO Uchio
October 09, 2021
Technology
1
860
Device access filtering in cgroup v2
第15回 コンテナ技術の情報交換会@オンライン ->
https://ct-study.connpass.com/event/223739/
KONDO Uchio
October 09, 2021
Tweet
Share
More Decks by KONDO Uchio
See All by KONDO Uchio
大規模レガシーテストを 倒すための CI基盤の作り方 / #CICD2023
udzura
5
2.4k
Ruby x BPF in Action / RubyKaigi 2022
udzura
0
230
Narrative of Ruby & Rust
udzura
0
200
開発者生産性指標の可視化 / pepabo-four-keys
udzura
3
1.7k
Talk of RBS
udzura
0
430
Re: みなさん最近どうですか? / FGN tech meetup in 2021
udzura
0
750
Dockerとやわらかい仮想化 - ProSec-IT/SECKUN 2021 edition -
udzura
2
710
"Story of Rucy" on RubyKaigi takeout 2021
udzura
0
790
生産性を可視化したい! / SUZURI's four keys
udzura
11
5.4k
Other Decks in Technology
See All in Technology
AWS全冠芸人が見た世界 ~資格取得より大切なこと~
masakiokuda
5
5.6k
【2025年度新卒技術研修】100分で学ぶ サイバーエージェントのデータベース 活用事例とMySQLパフォーマンス調査
cyberagentdevelopers
PRO
5
7.2k
ブラウザのレガシー・独自機能を愛でる-Firefoxの脆弱性4選- / Browser Crash Club #1
masatokinugawa
1
440
クォータ監視、AWS Organizations環境でも楽勝です✌️
iwamot
PRO
1
280
OpenSearchでレガシーな検索処理の大幅改善をやってやろう
dznbk
2
170
The Tale of Leo: Brave Lion and Curious Little Bug
canalun
1
110
20250411_HCCJP_AdaptiveCloudUpdates.pdf
sdosamut
1
110
フロントエンドも盛り上げたい!フロントエンドCBとAmplifyの軌跡
mkdev10
2
270
Cursor AgentによるパーソナルAIアシスタント育成入門―業務のプロンプト化・MCPの活用
os1ma
13
4.5k
AWSLambdaMCPServerを使ってツールとMCPサーバを分離する
tkikuchi
1
2.9k
Ops-JAWS_Organizations小ネタ3選.pdf
chunkof
2
140
AI AgentOps LT大会(2025/04/16) Algomatic伊藤発表資料
kosukeito
0
140
Featured
See All Featured
Learning to Love Humans: Emotional Interface Design
aarron
273
40k
Optimizing for Happiness
mojombo
377
70k
Designing for humans not robots
tammielis
252
25k
CoffeeScript is Beautiful & I Never Want to Write Plain JavaScript Again
sstephenson
160
15k
The Language of Interfaces
destraynor
157
24k
Being A Developer After 40
akosma
91
590k
Unsuck your backbone
ammeep
670
57k
XXLCSS - How to scale CSS and keep your sanity
sugarenia
248
1.3M
Refactoring Trust on Your Teams (GOTO; Chicago 2020)
rmw
34
2.9k
No one is an island. Learnings from fostering a developers community.
thoeni
21
3.2k
Fantastic passwords and where to find them - at NoRuKo
philnash
51
3.1k
Fight the Zombie Pattern Library - RWD Summit 2016
marcelosomers
233
17k
Transcript
ͳΜͰ#1'ͰΔ࣌ͳΜͩͳΝ 6DIJP,POEP(.01FQBCP *OD DHSPVQWͷ σόΠεΞΫηεϑΟϧλ
γχΞɾϓϦϯγύϧΤϯδχΞ ۙ౻ Ӊஐ࿕ / @udzura https://blog.udzura.jp/ Uchio Kondo ٕज़෦ ٕज़ج൫νʔϜ/σʔλج൫νʔϜ
@ GMOϖύϘ ΤϯδχΞΧϑΣʢԬࢢẂנจԽձؗʣ αϙʔλʔ Duolingo Diamond Leaguer 💎 * ͖ͳγεςϜίʔϧ: open_by_handle_at(2) * ͖ͳLinux Namespace: Time Namespace * ࠷ۙݴޠ࣮ʼOSࣗ࡞ʼBPFɺίϯςφɺͱ͍͏ײ͡...
͜Ε·Ͱͷ͋Β͢͡ wF#1'ͱ͍͏ٕज़͕͋Δ w<F#1'DIJLVXBJU>·ͨ<F#1'JENNJ>Ͱݕࡧ wͳΜΧʔωϧͰ҆શߴʹϑΟϧλ͢Δٕज़
F#1'ͷϓϩάϥϜλΠϓ wW w ଟ͗ͯ͢ѲͰ͖ͳ͍ͷͰ ୭͔෩དྷͷγϨϯʹྫ͑ͯ؆ܿʹڭ͑ͯཉ͍͠
BPF_PROG_TYPE_CGROUP_DEVICE
DHSPVQWͷσόΠεΞΫηε੍ݶ wEFWJDFTͱ͍͏αϒγεςϜ͕͋ͬͨ wಛఆͷϑΥʔϚοτͰEFWJDFTBMMPXEFWJDFTEFOZʹॻ͖ࠐΉ IUUQTXXXLFSOFMPSHEPD%PDVNFOUBUJPODHSPVQWEFWJDFTUYU
DHSPVQWͰͷσόΠεΞΫηε੍ݶ wJOUFSGBDFpMF͕ͳ͘ͳΔʢʂʣ w#1'@$(3061@%&7*$&ͳϓϩάϥϜΛDHSPVQʹΞλον͢Δͱͷ͜ͱ wϓϩάϥϜͰΑΓࡉ੍͔͘ޚՄೳԿͳΒྫ͑ϩάΛͨ͠ΓͰ͖Δ IUUQTXXXLFSOFMPSHEPD%PDVNFOUBUJPODHSPVQWUYUɹ
σϞϓϩάϥϜ
ϑΟϧλ͢ΔϓϩάϥϜʢ$Ͱॻ͘ʣ
ϑΟϧλ͢ΔϓϩάϥϜʢ$Ͱॻ͘ʣ ηΫγϣϯ໊ͷࢦఆ EFWVSBOEPNͰ͋ΕΛฦ͢ σϑΥϧτΛฦ͢
Ϗϧυ͢Δ ͖ͬ͞ͷ$ίʔυ͕͜͏͍͏ #1'ϓϩάϥϜʹίϯύΠϧ͞Ε͍ͯΔ
Ξλον͢Δ w΄΅Χʔωϧಉࠝͷ αϯϓϧίʔυͦͷ ··Ͱ͕͢
None
ΧϨϯτϓϩηε͕UFTUCQGʹॴଐ͍ͯ͠Δ WͳͷͰͷߦͷΈݟΔ EFWVSBOEPNʹΞΫηεͰ͖ͳ͍ ʢͪͳΈʹSPPUͰͰ͖·ͤΜʣ ଞͷσόΠε0,
͔͜͜Β༨ஊ
3VDZͱ͍͏ϓϩάϥϜΛ࡞ͬͨ w3VCZͷεΫϦϓτΛ#1'ʹ͠·͢ SVDZίϚϯυͰΦϒδΣΫτϑΝΠϧΛ ੜ͠ɺಉ༷ʹϩʔυ͢Δͱ༗ޮʹͳΔ
Έ Ruby Script mruby OpCodes BPF OpCodes BPF Object (ELF
format) mruby Rucy transpiler wNSVCZͷ0Q$PEFΛ࡞ΓɺͦΕΛ#1'0Q$PEFʹ༁͢Δ
໋ྩηοτͷൺֱʢҰ෦ʣ wNSVCZ wϨδελϚγϯ7.ɺϨδελݸʢݸΛਪʣ w໋ྩՄมɺҾ3 3ɺҙͷϨδελΛฦ٫Մ w#1' wϨδελϚγϯ7.ɺϨδελݸ w໋ྩݪଇݻఆʢCJUɺඞཁͳ߹CJUʣ wҾ3 3ɺฦ٫ඞͣ3
มͷྫ
·ͱΊʁ
ॴײͱ͔ w#1'ϓϩάϥϜͷதͰɺσόΠεΞΫηεϑΟϧλ খ͍࣮͞Ͱࢼ͢͜ͱ͕Ͱ͖ΔͷͰɺ 3VDZͷ࣮Λ͢Δࡍʹςετઌͱͯ͠ศརͩͬͨɻ wΈͳ͞ΜσόΠεΞΫηεϑΟϧλ͔Β#1'࢝Ί·ͤΜ͔ʁ