Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Device access filtering in cgroup v2
Search
KONDO Uchio
October 09, 2021
Technology
1
870
Device access filtering in cgroup v2
第15回 コンテナ技術の情報交換会@オンライン ->
https://ct-study.connpass.com/event/223739/
KONDO Uchio
October 09, 2021
Tweet
Share
More Decks by KONDO Uchio
See All by KONDO Uchio
大規模レガシーテストを 倒すための CI基盤の作り方 / #CICD2023
udzura
5
2.4k
Ruby x BPF in Action / RubyKaigi 2022
udzura
0
230
Narrative of Ruby & Rust
udzura
0
210
開発者生産性指標の可視化 / pepabo-four-keys
udzura
3
1.7k
Talk of RBS
udzura
0
430
Re: みなさん最近どうですか? / FGN tech meetup in 2021
udzura
0
760
Dockerとやわらかい仮想化 - ProSec-IT/SECKUN 2021 edition -
udzura
2
710
"Story of Rucy" on RubyKaigi takeout 2021
udzura
0
800
生産性を可視化したい! / SUZURI's four keys
udzura
11
5.4k
Other Decks in Technology
See All in Technology
MCPが変えるAIとの協働
knishioka
1
130
社会人力と研究力ー博士号をキャリアの武器にするー
kentaro
2
100
Conquering PDFs: document understanding beyond plain text
inesmontani
PRO
2
460
C++26アップデート 2025-03
faithandbrave
0
1.2k
10ヶ月かけてstyled-components v4からv5にアップデートした話
uhyo
5
450
Part1 GitHubってなんだろう?その2
tomokusaba
0
240
Mastraに入門してみた ~AWS CDKを添えて~
tsukuboshi
0
390
Twelve-Factor-Appから学ぶECS設計プラクティス/ECS practice for Twelve-Factor-App
ozawa
3
160
AndroidアプリエンジニアもMCPを触ろう
kgmyshin
2
600
続・やっぱり余白が大切だった話
kakehashi
PRO
2
180
生成AIによるCloud Native基盤構築の可能性と実践的ガードレールの敷設について
nwiizo
7
1.4k
白金鉱業Meetup_Vol.18_生成AIはデータサイエンティストを代替するのか?
brainpadpr
4
230
Featured
See All Featured
Design and Strategy: How to Deal with People Who Don’t "Get" Design
morganepeng
129
19k
We Have a Design System, Now What?
morganepeng
52
7.5k
Facilitating Awesome Meetings
lara
54
6.3k
Keith and Marios Guide to Fast Websites
keithpitt
411
22k
I Don’t Have Time: Getting Over the Fear to Launch Your Podcast
jcasabona
32
2.3k
Save Time (by Creating Custom Rails Generators)
garrettdimon
PRO
31
1.2k
A better future with KSS
kneath
239
17k
Java REST API Framework Comparison - PWX 2021
mraible
31
8.6k
It's Worth the Effort
3n
184
28k
Refactoring Trust on Your Teams (GOTO; Chicago 2020)
rmw
34
2.9k
Fashionably flexible responsive web design (full day workshop)
malarkey
407
66k
Unsuck your backbone
ammeep
671
57k
Transcript
ͳΜͰ#1'ͰΔ࣌ͳΜͩͳΝ 6DIJP,POEP(.01FQBCP *OD DHSPVQWͷ σόΠεΞΫηεϑΟϧλ
γχΞɾϓϦϯγύϧΤϯδχΞ ۙ౻ Ӊஐ࿕ / @udzura https://blog.udzura.jp/ Uchio Kondo ٕज़෦ ٕज़ج൫νʔϜ/σʔλج൫νʔϜ
@ GMOϖύϘ ΤϯδχΞΧϑΣʢԬࢢẂנจԽձؗʣ αϙʔλʔ Duolingo Diamond Leaguer 💎 * ͖ͳγεςϜίʔϧ: open_by_handle_at(2) * ͖ͳLinux Namespace: Time Namespace * ࠷ۙݴޠ࣮ʼOSࣗ࡞ʼBPFɺίϯςφɺͱ͍͏ײ͡...
͜Ε·Ͱͷ͋Β͢͡ wF#1'ͱ͍͏ٕज़͕͋Δ w<F#1'DIJLVXBJU>·ͨ<F#1'JENNJ>Ͱݕࡧ wͳΜΧʔωϧͰ҆શߴʹϑΟϧλ͢Δٕज़
F#1'ͷϓϩάϥϜλΠϓ wW w ଟ͗ͯ͢ѲͰ͖ͳ͍ͷͰ ୭͔෩དྷͷγϨϯʹྫ͑ͯ؆ܿʹڭ͑ͯཉ͍͠
BPF_PROG_TYPE_CGROUP_DEVICE
DHSPVQWͷσόΠεΞΫηε੍ݶ wEFWJDFTͱ͍͏αϒγεςϜ͕͋ͬͨ wಛఆͷϑΥʔϚοτͰEFWJDFTBMMPXEFWJDFTEFOZʹॻ͖ࠐΉ IUUQTXXXLFSOFMPSHEPD%PDVNFOUBUJPODHSPVQWEFWJDFTUYU
DHSPVQWͰͷσόΠεΞΫηε੍ݶ wJOUFSGBDFpMF͕ͳ͘ͳΔʢʂʣ w#1'@$(3061@%&7*$&ͳϓϩάϥϜΛDHSPVQʹΞλον͢Δͱͷ͜ͱ wϓϩάϥϜͰΑΓࡉ੍͔͘ޚՄೳԿͳΒྫ͑ϩάΛͨ͠ΓͰ͖Δ IUUQTXXXLFSOFMPSHEPD%PDVNFOUBUJPODHSPVQWUYUɹ
σϞϓϩάϥϜ
ϑΟϧλ͢ΔϓϩάϥϜʢ$Ͱॻ͘ʣ
ϑΟϧλ͢ΔϓϩάϥϜʢ$Ͱॻ͘ʣ ηΫγϣϯ໊ͷࢦఆ EFWVSBOEPNͰ͋ΕΛฦ͢ σϑΥϧτΛฦ͢
Ϗϧυ͢Δ ͖ͬ͞ͷ$ίʔυ͕͜͏͍͏ #1'ϓϩάϥϜʹίϯύΠϧ͞Ε͍ͯΔ
Ξλον͢Δ w΄΅Χʔωϧಉࠝͷ αϯϓϧίʔυͦͷ ··Ͱ͕͢
None
ΧϨϯτϓϩηε͕UFTUCQGʹॴଐ͍ͯ͠Δ WͳͷͰͷߦͷΈݟΔ EFWVSBOEPNʹΞΫηεͰ͖ͳ͍ ʢͪͳΈʹSPPUͰͰ͖·ͤΜʣ ଞͷσόΠε0,
͔͜͜Β༨ஊ
3VDZͱ͍͏ϓϩάϥϜΛ࡞ͬͨ w3VCZͷεΫϦϓτΛ#1'ʹ͠·͢ SVDZίϚϯυͰΦϒδΣΫτϑΝΠϧΛ ੜ͠ɺಉ༷ʹϩʔυ͢Δͱ༗ޮʹͳΔ
Έ Ruby Script mruby OpCodes BPF OpCodes BPF Object (ELF
format) mruby Rucy transpiler wNSVCZͷ0Q$PEFΛ࡞ΓɺͦΕΛ#1'0Q$PEFʹ༁͢Δ
໋ྩηοτͷൺֱʢҰ෦ʣ wNSVCZ wϨδελϚγϯ7.ɺϨδελݸʢݸΛਪʣ w໋ྩՄมɺҾ3 3ɺҙͷϨδελΛฦ٫Մ w#1' wϨδελϚγϯ7.ɺϨδελݸ w໋ྩݪଇݻఆʢCJUɺඞཁͳ߹CJUʣ wҾ3 3ɺฦ٫ඞͣ3
มͷྫ
·ͱΊʁ
ॴײͱ͔ w#1'ϓϩάϥϜͷதͰɺσόΠεΞΫηεϑΟϧλ খ͍࣮͞Ͱࢼ͢͜ͱ͕Ͱ͖ΔͷͰɺ 3VDZͷ࣮Λ͢Δࡍʹςετઌͱͯ͠ศརͩͬͨɻ wΈͳ͞ΜσόΠεΞΫηεϑΟϧλ͔Β#1'࢝Ί·ͤΜ͔ʁ