Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Device access filtering in cgroup v2

2cf373725ded741824c50fd571eda6e1?s=47 KONDO Uchio
October 09, 2021
Technology
0
150

Device access filtering in cgroup v2

第15回 コンテナ技術の情報交換会@オンライン -> https://ct-study.connpass.com/event/223739/

2cf373725ded741824c50fd571eda6e1?s=128

KONDO Uchio

October 09, 2021
Tweet

More Decks by KONDO Uchio

See All by KONDO Uchio
2cf373725ded741824c50fd571eda6e1?s=48 udzura
0
130
2cf373725ded741824c50fd571eda6e1?s=48 udzura
10
4.3k
2cf373725ded741824c50fd571eda6e1?s=48 udzura
0
24
2cf373725ded741824c50fd571eda6e1?s=48 udzura
8
2.6k
2cf373725ded741824c50fd571eda6e1?s=48 udzura
1
510
2cf373725ded741824c50fd571eda6e1?s=48 udzura
1
350
2cf373725ded741824c50fd571eda6e1?s=48 udzura
1
170
2cf373725ded741824c50fd571eda6e1?s=48 udzura
2
350
2cf373725ded741824c50fd571eda6e1?s=48 udzura
0
560

Other Decks in Technology

See All in Technology
C74499162d9791bcc12c66a8a8ddc26f?s=48 otl
0
540
B4dde7c05044041075d7e55d705e9cc3?s=48 youmitsu
0
140
96c31fe94f5e9b0eef4a606eaadcbc04?s=48 yoshiiryo1
0
520
648cff4d467bb490796a225da8f33797?s=48 onysuke
1
160
B5c9915c0275ce635a5e182e6a37c6ce?s=48 k1style
0
340
49f49940f0831a426745c028684bcdad?s=48 hatena
0
2.6k
4e523d3c4d6047382d22f61ebe53c554?s=48 ore88ore
0
1.4k
8fa31051503b09846584c49cd53d2f80?s=48 asei
0
240
5decf7f10129094643082b24a97a89ad?s=48 nalpan
0
360
97d180294474e9df01503148f3b11f39?s=48 lambda
0
2.7k
D0acab281cd715f03af84f51ebd71faa?s=48 utam0k
4
460
0ed10d1154c696886ca483fe827cb299?s=48 thatjeffsmith
0
310

Featured

See All Featured
C44e1f7e22c3f23cff7bc130871047ef?s=48 eileencodes
118
26k
812e1705ff0f8bc1bcf18587bde687d5?s=48 62gerente
594
210k
B6a8f005f39d23ffc930508ac9da68b9?s=48 vanstee
122
5.1k
Dad095ea7038f89f760419ce475d5d14?s=48 michaelherold
227
8.9k
5f83ef806155b403c3393160ce51f955?s=48 jlugia
218
16k
C1daf20e5c49ff910745198ef9869ac2?s=48 hatefulcrawdad
256
17k
F57e2136eb9895eb95ff5dc8a1c02677?s=48 zakiwarfel
91
3.6k
E43f8dfd01057f8304f5f8fb9a294d7d?s=48 jeffersonlam
335
16k
9375a9529679f1b42b567a640d775e7d?s=48 schacon
152
6.9k
9952dfcd5d338f8a8e7175c8a8f65fb5?s=48 wjessup
342
16k
Dafc4723e9a1c067796c0fec6f509774?s=48 lemiorhan
633
49k
56c4053438af8e8b90d6f53cbb7573be?s=48 jakevdp
778
200k

Transcript

  1. ͳΜͰ΋#1'Ͱ΍Δ࣌୅ͳΜͩͳΝ 6DIJP,POEP(.01FQBCP *OD DHSPVQWͷ σόΠεΞΫηεϑΟϧλ

  2. γχΞɾϓϦϯγύϧΤϯδχΞ ۙ౻ Ӊஐ࿕ / @udzura https://blog.udzura.jp/ Uchio Kondo ٕज़෦ ٕज़ج൫νʔϜ/σʔλج൫νʔϜ

    @ GMOϖύϘ ΤϯδχΞΧϑΣʢ෱Ԭࢢ੺ẂנจԽձؗʣ αϙʔλʔ Duolingo Diamond Leaguer 💎 * ޷͖ͳγεςϜίʔϧ: open_by_handle_at(2) * ޷͖ͳLinux Namespace: Time Namespace * ࠷ۙ͸ݴޠ࣮૷ʼOSࣗ࡞ʼBPFɺίϯςφɺͱ͍͏ײ͡...

  3. ͜Ε·Ͱͷ͋Β͢͡ wF#1'ͱ͍͏ٕज़͕͋Δ w<F#1'DIJLVXBJU>·ͨ͸<F#1'JENNJ>Ͱݕࡧ wͳΜ΍ΧʔωϧͰ҆શߴ଎ʹϑΟϧλ͢Δٕज़

  4. F#1'ͷϓϩάϥϜλΠϓ wW w ଟ͗ͯ͢೺ѲͰ͖ͳ͍ͷͰ ୭͔෩དྷͷγϨϯʹྫ͑ͯ؆ܿʹڭ͑ͯཉ͍͠

  5. BPF_PROG_TYPE_CGROUP_DEVICE

  6. DHSPVQWͷσόΠεΞΫηε੍ݶ wEFWJDFTͱ͍͏αϒγεςϜ͕͋ͬͨ wಛఆͷϑΥʔϚοτͰEFWJDFTBMMPX΍EFWJDFTEFOZʹॻ͖ࠐΉ IUUQTXXXLFSOFMPSHEPD%PDVNFOUBUJPODHSPVQWEFWJDFTUYU

  7. DHSPVQWͰͷσόΠεΞΫηε੍ݶ wJOUFSGBDFpMF͕ͳ͘ͳΔʢʂʣ w#1'@$(3061@%&7*$&ͳϓϩάϥϜΛDHSPVQʹΞλον͢Δͱͷ͜ͱ wϓϩάϥϜͰΑΓࡉ੍͔͘ޚՄೳԿͳΒྫ͑͹ϩάΛ࢒ͨ͠Γ΋Ͱ͖Δ IUUQTXXXLFSOFMPSHEPD%PDVNFOUBUJPODHSPVQWUYUɹ

  8. σϞϓϩάϥϜ

  9. ϑΟϧλ͢ΔϓϩάϥϜʢ$Ͱॻ͘ʣ

  10. ϑΟϧλ͢ΔϓϩάϥϜʢ$Ͱॻ͘ʣ ηΫγϣϯ໊ͷࢦఆ EFWVSBOEPNͰ͋Ε͹Λฦ͢ σϑΥϧτΛฦ͢

  11. Ϗϧυ͢Δ ͖ͬ͞ͷ$ίʔυ͕͜͏͍͏ #1'ϓϩάϥϜʹίϯύΠϧ͞Ε͍ͯΔ

  12. Ξλον͢Δ w΄΅Χʔωϧಉࠝͷ αϯϓϧίʔυͦͷ ··Ͱ͕͢

  13. None

  14. ΧϨϯτϓϩηε͕UFTUCQGʹॴଐ͍ͯ͠Δ WͳͷͰͷߦͷΈݟΔ EFWVSBOEPNʹΞΫηεͰ͖ͳ͍ ʢͪͳΈʹSPPUͰ΋Ͱ͖·ͤΜʣ ଞͷσόΠε͸0,

  15. ͔͜͜Β༨ஊ

  16. 3VDZͱ͍͏ϓϩάϥϜΛ࡞ͬͨ w3VCZͷεΫϦϓτΛ௚઀#1'ʹ͠·͢ SVDZίϚϯυͰΦϒδΣΫτϑΝΠϧΛ ੜ੒͠ɺಉ༷ʹϩʔυ͢Δͱ༗ޮʹͳΔ

  17. ࢓૊Έ Ruby Script mruby OpCodes BPF OpCodes BPF Object (ELF

    format) mruby Rucy transpiler wNSVCZͷ0Q$PEFΛ࡞ΓɺͦΕΛ#1'0Q$PEFʹ຋༁͢Δ

  18. ໋ྩηοτͷൺֱʢҰ෦ʣ wNSVCZ wϨδελϚγϯ7.ɺϨδελ͸ݸʢݸΛਪ঑ʣ w໋ྩ͸Մม௕ɺҾ਺͸3 3ɺ೚ҙͷϨδελΛฦ٫Մ w#1' wϨδελϚγϯ7.ɺϨδελ͸ݸ w໋ྩ͸ݪଇݻఆ௕ʢCJUɺඞཁͳ৔߹CJUʣ wҾ਺͸3 3ɺฦ٫஋͸ඞͣ3

  19. ม׵ͷྫ

  20. ·ͱΊʁ

  21. ॴײͱ͔ w#1'ϓϩάϥϜͷதͰ΋ɺσόΠεΞΫηεϑΟϧλ͸ খ͍࣮͞૷Ͱࢼ͢͜ͱ͕Ͱ͖ΔͷͰɺ 3VDZͷ࣮૷Λ͢Δࡍʹςετઌͱͯ͠ศརͩͬͨɻ wΈͳ͞Μ΋σόΠεΞΫηεϑΟϧλ͔Β#1'࢝Ί·ͤΜ͔ʁ