Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Device access filtering in cgroup v2
Search
KONDO Uchio
October 09, 2021
Technology
1
920
Device access filtering in cgroup v2
第15回 コンテナ技術の情報交換会@オンライン ->
https://ct-study.connpass.com/event/223739/
KONDO Uchio
October 09, 2021
Tweet
Share
More Decks by KONDO Uchio
See All by KONDO Uchio
大規模レガシーテストを 倒すための CI基盤の作り方 / #CICD2023
udzura
5
2.4k
Ruby x BPF in Action / RubyKaigi 2022
udzura
0
250
Narrative of Ruby & Rust
udzura
0
220
開発者生産性指標の可視化 / pepabo-four-keys
udzura
3
1.7k
Talk of RBS
udzura
0
450
Re: みなさん最近どうですか? / FGN tech meetup in 2021
udzura
0
780
Dockerとやわらかい仮想化 - ProSec-IT/SECKUN 2021 edition -
udzura
2
730
"Story of Rucy" on RubyKaigi takeout 2021
udzura
0
840
生産性を可視化したい! / SUZURI's four keys
udzura
11
5.4k
Other Decks in Technology
See All in Technology
そもそも AWS FIS について。なぜ今 FIS のハンズオンなのか?などなど
kazzpapa3
2
120
ML Pipelineの開発と運用を OpenTelemetryで繋ぐ @ OpenTelemetry Meetup 2025-07
getty708
0
240
低レイヤソフトウェア技術者が YouTuberとして食っていこうとした話
sat
PRO
7
5.8k
2025/07/22_家族アルバム みてねのCRE における生成AI活用事例
masartz
2
110
増え続ける脆弱性に立ち向かう: 事前対策と優先度づけによる 持続可能な脆弱性管理 / Confronting the Rise of Vulnerabilities: Sustainable Management Through Proactive Measures and Prioritization
nttcom
1
160
公開初日に個人環境で試した Gemini CLI 体験記など / Gemini CLI実験レポート
you
PRO
3
320
RapidPen: AIエージェントによる高度なペネトレーションテスト自動化の研究開発
laysakura
1
390
手動からの解放!!Strands Agents で実現する総合テスト自動化
ideaws
2
290
20250719_JAWS_kobe
takuyay0ne
1
160
Data Engineering Study#30 LT資料
tetsuroito
1
560
TROCCO今昔
gtnao
0
210
Bliki (ja), and the Cathedral, and the Bazaar
koic
8
1.3k
Featured
See All Featured
Dealing with People You Can't Stand - Big Design 2015
cassininazir
367
26k
Facilitating Awesome Meetings
lara
54
6.5k
Reflections from 52 weeks, 52 projects
jeffersonlam
351
21k
Helping Users Find Their Own Way: Creating Modern Search Experiences
danielanewman
29
2.8k
Raft: Consensus for Rubyists
vanstee
140
7k
The Success of Rails: Ensuring Growth for the Next 100 Years
eileencodes
45
7.5k
Mobile First: as difficult as doing things right
swwweet
223
9.7k
Writing Fast Ruby
sferik
628
62k
Refactoring Trust on Your Teams (GOTO; Chicago 2020)
rmw
34
3.1k
Stop Working from a Prison Cell
hatefulcrawdad
271
21k
Performance Is Good for Brains [We Love Speed 2024]
tammyeverts
10
990
4 Signs Your Business is Dying
shpigford
184
22k
Transcript
ͳΜͰ#1'ͰΔ࣌ͳΜͩͳΝ 6DIJP,POEP(.01FQBCP *OD DHSPVQWͷ σόΠεΞΫηεϑΟϧλ
γχΞɾϓϦϯγύϧΤϯδχΞ ۙ౻ Ӊஐ࿕ / @udzura https://blog.udzura.jp/ Uchio Kondo ٕज़෦ ٕज़ج൫νʔϜ/σʔλج൫νʔϜ
@ GMOϖύϘ ΤϯδχΞΧϑΣʢԬࢢẂנจԽձؗʣ αϙʔλʔ Duolingo Diamond Leaguer 💎 * ͖ͳγεςϜίʔϧ: open_by_handle_at(2) * ͖ͳLinux Namespace: Time Namespace * ࠷ۙݴޠ࣮ʼOSࣗ࡞ʼBPFɺίϯςφɺͱ͍͏ײ͡...
͜Ε·Ͱͷ͋Β͢͡ wF#1'ͱ͍͏ٕज़͕͋Δ w<F#1'DIJLVXBJU>·ͨ<F#1'JENNJ>Ͱݕࡧ wͳΜΧʔωϧͰ҆શߴʹϑΟϧλ͢Δٕज़
F#1'ͷϓϩάϥϜλΠϓ wW w ଟ͗ͯ͢ѲͰ͖ͳ͍ͷͰ ୭͔෩དྷͷγϨϯʹྫ͑ͯ؆ܿʹڭ͑ͯཉ͍͠
BPF_PROG_TYPE_CGROUP_DEVICE
DHSPVQWͷσόΠεΞΫηε੍ݶ wEFWJDFTͱ͍͏αϒγεςϜ͕͋ͬͨ wಛఆͷϑΥʔϚοτͰEFWJDFTBMMPXEFWJDFTEFOZʹॻ͖ࠐΉ IUUQTXXXLFSOFMPSHEPD%PDVNFOUBUJPODHSPVQWEFWJDFTUYU
DHSPVQWͰͷσόΠεΞΫηε੍ݶ wJOUFSGBDFpMF͕ͳ͘ͳΔʢʂʣ w#1'@$(3061@%&7*$&ͳϓϩάϥϜΛDHSPVQʹΞλον͢Δͱͷ͜ͱ wϓϩάϥϜͰΑΓࡉ੍͔͘ޚՄೳԿͳΒྫ͑ϩάΛͨ͠ΓͰ͖Δ IUUQTXXXLFSOFMPSHEPD%PDVNFOUBUJPODHSPVQWUYUɹ
σϞϓϩάϥϜ
ϑΟϧλ͢ΔϓϩάϥϜʢ$Ͱॻ͘ʣ
ϑΟϧλ͢ΔϓϩάϥϜʢ$Ͱॻ͘ʣ ηΫγϣϯ໊ͷࢦఆ EFWVSBOEPNͰ͋ΕΛฦ͢ σϑΥϧτΛฦ͢
Ϗϧυ͢Δ ͖ͬ͞ͷ$ίʔυ͕͜͏͍͏ #1'ϓϩάϥϜʹίϯύΠϧ͞Ε͍ͯΔ
Ξλον͢Δ w΄΅Χʔωϧಉࠝͷ αϯϓϧίʔυͦͷ ··Ͱ͕͢
None
ΧϨϯτϓϩηε͕UFTUCQGʹॴଐ͍ͯ͠Δ WͳͷͰͷߦͷΈݟΔ EFWVSBOEPNʹΞΫηεͰ͖ͳ͍ ʢͪͳΈʹSPPUͰͰ͖·ͤΜʣ ଞͷσόΠε0,
͔͜͜Β༨ஊ
3VDZͱ͍͏ϓϩάϥϜΛ࡞ͬͨ w3VCZͷεΫϦϓτΛ#1'ʹ͠·͢ SVDZίϚϯυͰΦϒδΣΫτϑΝΠϧΛ ੜ͠ɺಉ༷ʹϩʔυ͢Δͱ༗ޮʹͳΔ
Έ Ruby Script mruby OpCodes BPF OpCodes BPF Object (ELF
format) mruby Rucy transpiler wNSVCZͷ0Q$PEFΛ࡞ΓɺͦΕΛ#1'0Q$PEFʹ༁͢Δ
໋ྩηοτͷൺֱʢҰ෦ʣ wNSVCZ wϨδελϚγϯ7.ɺϨδελݸʢݸΛਪʣ w໋ྩՄมɺҾ3 3ɺҙͷϨδελΛฦ٫Մ w#1' wϨδελϚγϯ7.ɺϨδελݸ w໋ྩݪଇݻఆʢCJUɺඞཁͳ߹CJUʣ wҾ3 3ɺฦ٫ඞͣ3
มͷྫ
·ͱΊʁ
ॴײͱ͔ w#1'ϓϩάϥϜͷதͰɺσόΠεΞΫηεϑΟϧλ খ͍࣮͞Ͱࢼ͢͜ͱ͕Ͱ͖ΔͷͰɺ 3VDZͷ࣮Λ͢Δࡍʹςετઌͱͯ͠ศརͩͬͨɻ wΈͳ͞ΜσόΠεΞΫηεϑΟϧλ͔Β#1'࢝Ί·ͤΜ͔ʁ