Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Device access filtering in cgroup v2

Avatar for KONDO Uchio KONDO Uchio
October 09, 2021
Technology
1
990

Device access filtering in cgroup v2

第15回 コンテナ技術の情報交換会@オンライン -> https://ct-study.connpass.com/event/223739/

Avatar for KONDO Uchio

KONDO Uchio

October 09, 2021
Tweet

More Decks by KONDO Uchio

See All by KONDO Uchio
大規模レガシーテストを 倒すための CI基盤の作り方 / #CICD2023
Avatar for KONDO Uchio udzura
5
2.5k
Ruby x BPF in Action / RubyKaigi 2022
Avatar for KONDO Uchio udzura
0
290
Narrative of Ruby & Rust
Avatar for KONDO Uchio udzura
0
260
開発者生産性指標の可視化 / pepabo-four-keys
Avatar for KONDO Uchio udzura
3
1.8k
Talk of RBS
Avatar for KONDO Uchio udzura
0
490
Re: みなさん最近どうですか? / FGN tech meetup in 2021
Avatar for KONDO Uchio udzura
0
840
Dockerとやわらかい仮想化 - ProSec-IT/SECKUN 2021 edition -
Avatar for KONDO Uchio udzura
2
800
"Story of Rucy" on RubyKaigi takeout 2021
Avatar for KONDO Uchio udzura
0
890
生産性を可視化したい! / SUZURI's four keys
Avatar for KONDO Uchio udzura
11
5.5k

Other Decks in Technology

See All in Technology
猫でもわかるKiro CLI(AI 駆動開発への道編)
Avatar for Hiroo Katoh kentapapa
0
260
システム標準化PMOから ガバメントクラウドCoEへ
Avatar for 高橋広和 techniczna
1
140
Yahoo!ショッピングのレコメンデーション・システムにおけるML実践の一例 
Avatar for LINEヤフーTech (LY Corporation Tech) lycorptech_jp
PRO
1
220
It’s “Time” to use Temporal
Avatar for Saji sajikix
3
220
S3はフラットである –AWS公式SDKにも存在した、 署名付きURLにおけるパストラバーサル脆弱性– / JAWS DAYS 2026
Avatar for GMO Flatt Security flatt_security
0
1.8k
AWS DevOps Agent vs SRE俺 / AWS DevOps Agent vs me, the SRE
Avatar for SMS tech sms_tech
3
900
Oracle Cloud Infrastructure IaaS 新機能アップデート 2025/12 - 2026/2
Avatar for oracle4engineer oracle4engineer
PRO
0
170
GCASアップデート(202601-202603)
Avatar for 高橋広和 techniczna
0
220
AlloyDB 奮闘記
Avatar for hatappi hatappi
0
150
決済サービスを支えるElastic Cloud - Elastic Cloudの導入と推進、決済サービスのObservability
Avatar for suzukij suzukij
2
660
プラットフォームエンジニアリングはAI時代の開発者をどう救うのか
Avatar for Kazuto Kusama jacopen
7
3.8k
Tebiki Engineering Team Deck
Avatar for Tebiki, Inc. tebiki
0
27k

Featured

See All Featured
Six Lessons from altMBA
Avatar for Skipper Chong Warson skipperchong
29
4.2k
The untapped power of vector embeddings
Avatar for Frank van Dijk frankvandijk
2
1.6k
How to optimise 3,500 product descriptions for ecommerce in one day using ChatGPT
Avatar for Katarina Dahlin katarinadahlin
PRO
1
3.5k
The Cost Of JavaScript in 2023
Avatar for Addy Osmani addyosmani
55
9.8k
Done Done
Avatar for chrislema chrislema
186
16k
Writing Fast Ruby
Avatar for Erik Berlin sferik
630
63k
職位にかかわらず全員がリーダーシップを発揮するチーム作り / Building a team where everyone can demonstrate leadership regardless of position
Avatar for MADOX madoxten
62
52k
Practical Tips for Bootstrapping Information Extraction Pipelines
Avatar for Matthew Honnibal honnibal
25
1.8k
Building a Scalable Design System with Sketch
Avatar for Laura Van Doore lauravandoore
463
34k
Building an army of robots
Avatar for Kyle Neath kneath
306
46k
AI: The stuff that nobody shows you
Avatar for John Nunemaker jnunemaker
PRO
3
450
Site-Speed That Sticks
Avatar for Harry Roberts csswizardry
13
1.1k

Transcript

  1. ͳΜͰ΋#1'Ͱ΍Δ࣌୅ͳΜͩͳΝ 6DIJP,POEP(.01FQBCP *OD DHSPVQWͷ σόΠεΞΫηεϑΟϧλ

  2. γχΞɾϓϦϯγύϧΤϯδχΞ ۙ౻ Ӊஐ࿕ / @udzura https://blog.udzura.jp/ Uchio Kondo ٕज़෦ ٕज़ج൫νʔϜ/σʔλج൫νʔϜ

    @ GMOϖύϘ ΤϯδχΞΧϑΣʢ෱Ԭࢢ੺ẂנจԽձؗʣ αϙʔλʔ Duolingo Diamond Leaguer 💎 * ޷͖ͳγεςϜίʔϧ: open_by_handle_at(2) * ޷͖ͳLinux Namespace: Time Namespace * ࠷ۙ͸ݴޠ࣮૷ʼOSࣗ࡞ʼBPFɺίϯςφɺͱ͍͏ײ͡...

  3. ͜Ε·Ͱͷ͋Β͢͡ wF#1'ͱ͍͏ٕज़͕͋Δ w<F#1'DIJLVXBJU>·ͨ͸<F#1'JENNJ>Ͱݕࡧ wͳΜ΍ΧʔωϧͰ҆શߴ଎ʹϑΟϧλ͢Δٕज़

  4. F#1'ͷϓϩάϥϜλΠϓ wW w ଟ͗ͯ͢೺ѲͰ͖ͳ͍ͷͰ ୭͔෩དྷͷγϨϯʹྫ͑ͯ؆ܿʹڭ͑ͯཉ͍͠

  5. BPF_PROG_TYPE_CGROUP_DEVICE

  6. DHSPVQWͷσόΠεΞΫηε੍ݶ wEFWJDFTͱ͍͏αϒγεςϜ͕͋ͬͨ wಛఆͷϑΥʔϚοτͰEFWJDFTBMMPX΍EFWJDFTEFOZʹॻ͖ࠐΉ IUUQTXXXLFSOFMPSHEPD%PDVNFOUBUJPODHSPVQWEFWJDFTUYU

  7. DHSPVQWͰͷσόΠεΞΫηε੍ݶ wJOUFSGBDFpMF͕ͳ͘ͳΔʢʂʣ w#1'@$(3061@%&7*$&ͳϓϩάϥϜΛDHSPVQʹΞλον͢Δͱͷ͜ͱ wϓϩάϥϜͰΑΓࡉ੍͔͘ޚՄೳԿͳΒྫ͑͹ϩάΛ࢒ͨ͠Γ΋Ͱ͖Δ IUUQTXXXLFSOFMPSHEPD%PDVNFOUBUJPODHSPVQWUYUɹ

  8. σϞϓϩάϥϜ

  9. ϑΟϧλ͢ΔϓϩάϥϜʢ$Ͱॻ͘ʣ

  10. ϑΟϧλ͢ΔϓϩάϥϜʢ$Ͱॻ͘ʣ ηΫγϣϯ໊ͷࢦఆ EFWVSBOEPNͰ͋Ε͹Λฦ͢ σϑΥϧτΛฦ͢

  11. Ϗϧυ͢Δ ͖ͬ͞ͷ$ίʔυ͕͜͏͍͏ #1'ϓϩάϥϜʹίϯύΠϧ͞Ε͍ͯΔ

  12. Ξλον͢Δ w΄΅Χʔωϧಉࠝͷ αϯϓϧίʔυͦͷ ··Ͱ͕͢

  13. None

  14. ΧϨϯτϓϩηε͕UFTUCQGʹॴଐ͍ͯ͠Δ WͳͷͰͷߦͷΈݟΔ EFWVSBOEPNʹΞΫηεͰ͖ͳ͍ ʢͪͳΈʹSPPUͰ΋Ͱ͖·ͤΜʣ ଞͷσόΠε͸0,

  15. ͔͜͜Β༨ஊ

  16. 3VDZͱ͍͏ϓϩάϥϜΛ࡞ͬͨ w3VCZͷεΫϦϓτΛ௚઀#1'ʹ͠·͢ SVDZίϚϯυͰΦϒδΣΫτϑΝΠϧΛ ੜ੒͠ɺಉ༷ʹϩʔυ͢Δͱ༗ޮʹͳΔ

  17. ࢓૊Έ Ruby Script mruby OpCodes BPF OpCodes BPF Object (ELF

    format) mruby Rucy transpiler wNSVCZͷ0Q$PEFΛ࡞ΓɺͦΕΛ#1'0Q$PEFʹ຋༁͢Δ

  18. ໋ྩηοτͷൺֱʢҰ෦ʣ wNSVCZ wϨδελϚγϯ7.ɺϨδελ͸ݸʢݸΛਪ঑ʣ w໋ྩ͸Մม௕ɺҾ਺͸3 3ɺ೚ҙͷϨδελΛฦ٫Մ w#1' wϨδελϚγϯ7.ɺϨδελ͸ݸ w໋ྩ͸ݪଇݻఆ௕ʢCJUɺඞཁͳ৔߹CJUʣ wҾ਺͸3 3ɺฦ٫஋͸ඞͣ3

  19. ม׵ͷྫ

  20. ·ͱΊʁ

  21. ॴײͱ͔ w#1'ϓϩάϥϜͷதͰ΋ɺσόΠεΞΫηεϑΟϧλ͸ খ͍࣮͞૷Ͱࢼ͢͜ͱ͕Ͱ͖ΔͷͰɺ 3VDZͷ࣮૷Λ͢Δࡍʹςετઌͱͯ͠ศརͩͬͨɻ wΈͳ͞Μ΋σόΠεΞΫηεϑΟϧλ͔Β#1'࢝Ί·ͤΜ͔ʁ