人間たちとsystemd

TZTUFNEͬ͘͟Γೖ໳ GMO Pepabo, Inc. Uchio Kondo 2016/04/23 ίϯςφܕԾ૝Խͷ৘ใަ׵ձˏ෱Ԭ ਓؒͨͪͱTZTUFNE

ਓؒͷ঺հ

ۙ౻͏͓ͪ (.0ϖύϘॴଐ ٕज़ج൫νʔϜ ෱Ԭࢧࣾۈ຿ 'VLVPLBSC
3BJMT(JSMT'VLVPLB૯߹ࡶ༻ίʔν·ͱΊ

ڵຯ 3VCZ(PMBOHΛগʑ %PDLFS-9$ 1VQQFU )BTIJDPSQUPPMT
0QFO4UBDL &MFDUSPO3FBDU IUUQXXXTMJEFTIBSFOFUVE[VSBIBTIJDPSQUPPMT

ZFBSTPME3VCZJTU 3BJMT͝Ζ͔ΒͷϧϏʔετ d 3VCZΛ͜͡Βͤͯஶ࡞͋Γ 8FC %#1SFTT3VCZ࿈ࡌ
d ύʔϑΣΫτ3VCZ ύʔϑΣΫτ3BJMT 8FC %#1SFTTWPM৽ਓಛू߸</FX>

'PVOEFSPG

੍ݶࣄ߲ 04ͳͲͷϨΠϠʔɺਖ਼௚Θ͔͍ͬͯͳ͍͠ɺ  Χʔωϧͷίʔυ΋ಡΜͩ͜ͱ͕͋Γ·ͤΜ ʮ࣮͸ʜʜ͖͔ͬ͞Β଍͕਒͍͑ͯΔοʜʜʯ

ਓؒͨͪͷͨΊͷ  TZTUFNE֓ཁ

JOJUʢ͋Δ͍͸ͦͷ୅ସʣ ࠷ॳʹىಈͯ͠ɺͨ͘͞ΜͷαʔϏεͲ΋Λ  ্ཱͪ͛ͯ؅ཧ͢Δ $FOU04ͳͲʜTZTWJOJU $FOU046CVOUVʜ6QTUBSU 049ʜMBVODIE
ʜʜ

JOJUTDSJQU

6QTUBSU

TZTUFNEͬ͘͟Γ ࠾༻ σΟετϦ αʔϏε  ఆٛ 04  റΓ DHSPVQ OBNFTQBDF ͱ࿈ܞ
ૢ࡞ίϚϯυ JOJU TDSJQU $FOU04 ͳͲ͍Ζ͍Ζ JOJUTDSJQU  4IFMMεΫϦϓτ ͳ͍ εΫϦϓτ௚  TFSWJDF 6QTUBSU $FOU04 ࠷ۙ·Ͱͷ 6CVOUV ಠࣗܗࣜͷ  DPOG FUDJOJU DPOG ͳ͍ TFSWJDFJOJUDUM TZTUFNE $FOU04d 6CVOUVd ΄͔ 6OJUϑΝΠϧ -JOVY  ͷΈ ΍͍ͬͯ͘ TZTUFNDUM  TFSWJDF ˞6CVOUV͔Βར༻͸Մೳ

3FUIJOLJOHPG1*% ௕จ͕ͩʜ ͬ͘͟Γ ىಈεΫϦϓτɺ݁ہશ෦γΣϧεΫϦϓτͩͬͨΓɺҰ ݸҰݸىಈͰ͠ΜͲ͔ͬͨΓɺDHSPVQͱ͔φ΢ౕ͍ͱͷ ࿈ܞ΋େมͩΑͶʜʜ
ͦ͜ͰTZTUFNEɺͱ͍͏ײ͡Β͍͠ ˞IUUQQPJOUFSEFCMPHQSPKFDUTTZTUFNEIUNM

TZTUFNEΛ ࢖ͬͯΈΔ

6OJUϑΝΠϧ ಠࣗܗࣜ JOJ෩ એݴత ʮUBSHFUʯʮNPVOUʯʮTFSWJDFʯʮEFWJDFʯ ͳͲͷछྨ͕͋Δ
6OJUಉ࢜͸ґଘؔ܎͕͋Δ

ྫόΠφϦҰݸͷαʔϏε

ྫόΠφϦҰݸͷαʔϏε આ໌ͷ΄͔ɺґଘ͢Δ6OJUϑΝΠϧɺ  ىಈॱংΛهड़ ίϚϯυɺ࣮ߦϢʔβʔɺ  લޙʹൃߦ͢ΔίϚϯυɺ؀ڥม਺ɺ  DHSPVQTͷ੍ݶͳͲ ϥϯϨϕϧ૬౰Λهड़

ྫఆظ࣮ߦλΠϚʔ

-PHHJOH KPVSOBMEͱ͍͏αʔϏε͕୲౰͢Δ TZTUFNEͷҰ෦ͱ͍͏ѻ͍ αʔϏεଆ͸ɺجຊ͸ͱʹ͔͘ඪ४ग़ྗʹϩάΛग़ͤ͹͍͍ ʢGBDUPSBQQײʣ ᠘TZTUFNEͰ͸ɺKPVSOBMEΛ࠶ىಈ͢Δͱ 
αʔϏε͕མͪΔ͜ͱ΋͋Δʜʜ $FOU04ͷσϑΥϧτ $FOU04ͰTZTUFNEʹͳΓɺ௚ͬͯΔ

TZTUFNEͱ  Ϧιʔε੍ݶ

VMJNJU ϦιʔεΛ͍͍ײ͡ʹ੍ݶ͢Δ΍ͭ $16ɺϝϞϦɺϑΝΠϧσΟεΫϦϓλ਺ʜʜ

6OJUϑΝΠϧ 6OJUϑΝΠϧ͸γΣϧεΫϦϓτ͡Όͳ͍ JOJUεΫϦϓτΈ͍ͨʹVMJNJUΛॻ͚͹͍͍ͱ͍ ͏࿩͡Όͳ͍ VMJNJU͸όΠφϦͰ͸ͳ͍ͷͰ&YFD4UBSU1SFͰΩοΫͰ͖ ͳ͍ɺͳͲ
όΠφϦͻͱͭΈ͍ͨͳͱ͖͸ɺϥούʔΛ͔· ͢ʁ͍΍͍΍ʜʜ

NBOTZTUFNEFYFD IUUQXXXGSFFEFTLUPQPSHTPGUXBSFTZTUFNENBOTZTUFNEFYFDIUNM-JNJU$16

NBOTZTUFNEFYFD 6OJUϑΝΠϧʹએݴతʹॻ͘ˠΘ͔Γ΍͍͢ʂ VMJNJUͰ͍͏ͲΕʹ૬౰͢Δ͔͕ॻ͍ͯ͋ͬͯ ศར > LimitCPU= ➡ ulimit
-t > LimitRSS= ➡ ulimit -m > LimitNOFILE= ➡ ulimit -n

ηοτ͢ΔͱͲ͏ͳΔʁ

͜͏͍͏ײ͡ʹͳΔ ແࣄɺ$16Λඵ઎༗ͨ͠ޙLJMM͞ΕΔ

΋͏Ұͭͷํ๏ NBOTZTUFNESFTPVSDFDPOUSPM

DHSPVQͱͷ ࿈ܞ

TZTUFNEDHUPQ

$162VPUBͯ͠Έ·͠ΐ͏

ͳΔ΄Ͳ

DHSPVQͳͷͰ ಈతʹϦιʔεͷར༻཰Λมߋ͢Δ͜ͱ΋Մೳ EFNP͠·͢

Ͳ͕͍͍ͬͪΜͩΖ͏ʜʜ NBOݟͨײ͡ͷҹ৅ɺSFTPVSDFDPOUSPMԡ͠ɻ l"MTPOPUFUIBU-JNJU344JTOPU JNQMFNFOUFEPO-JOVY BOETFUUJOHJUIBTOP F⒎FDUz
VMJNJU͔ΒҠߦ͠΍͍͢Α͏ʹ-JNJU ͕͋Δײ͡ɻ ͳΔ΂͘SFTPVSDFDPOUSPMͨ͠΄͏͕͍͍ͷͰ͸

TZTUFNEͱ ϑΝΠϧγεςϜͷl෼཭z

1SJWBUF5NQઃఆ

ࣗಈͰσΟϨΫτϦ͕Ͱ͖Δ ˞αʔϏεΛམͱ͢ͱσΟϨΫτϦ΋ফ͑Δ

αʔϏεଆͰ͸UNQ

ਂ௥͍ ىಈલʹ ϑΝΠϧγεςϜΛVOTIBSF͢Δ UNQΛUNQTZTUFNEQSJWBUF ʹ  όΠϯυϚ΢ϯτ͢Δ
ͱ͍͏͚ͩ ͳͷͰਖ਼֬ʹ͸ɺNPVOUOBNFTQBDFͷ෼཭Λ ར༻͍ͯ͠Δ

VOTIBSF ͱ͸ -JOVYOBNFTQBDFͱ͸ ϓϩηε͝ͱʹɺΞΫηεͰ͖ΔϦιʔεΛ෼͚Δ͜ͱ͕ Ͱ͖Δػೳ VOTIBSFΛݺͿͱ౰֘ϓϩηεͰ 
৽͍͠ωʔϜεϖʔεΛ࡞Δ  ʢNPVOUɺωοτϫʔΫɺ1*%ʜʜʣ

TZTUFNEͷྫ NOUͷωʔϜεϖʔε ͚͕ͩมΘ͍ͬͯΔ ͜ͱ͕Θ͔Δ

ͦͷଞͷNPVOU෼཭ IUUQFOBLBJIBUFOBCMPHDPNFOUSZ

3FBE0OMZ%JSFDUSJFT

ͦͷϓϩηε͔Β͸มߋͰ͖ͳ͍ ҰํͰɺଞͷϓϩηε͔Β͸Մೳ

ͦͷϓϩηεͰ͸ ͪ͜Β΋ɺVOTIBSF͞Εͨ͋ͱɺ  FUDSFBEPOMZUFTUΛSPͰόΠϯυϚ΢ϯτ͠ͳ͓ ͍ͯ͠Δ͜ͱ͕Θ͔Δ ҰํɺଞͷϓϩηεͰ͸ͦͷϚ΢ϯτ͕֬ೝͰ͖ͳ͍

΋͏গ͚ͩ͠ ਂ௥͍

VOTIBSFʹͳΖ͏ IJCPNB͞Μͱ͍͏ํͷهࣄ SVCZͰVOTIBSF ݺͼग़ͯ͠Ϛ΢ϯτ໊લۭؒΛ෼཭ IUUQEIBUFOBOFKQIJCPNB
֦ுϥΠϒϥϦॻ͔ͳͯ͘ݺͼग़ͤΔΑ͏ͳͷ Ͱศར

JSCͰ΍Ζ͏

TZTUFNE ͨͩͷJOJUͷ୅ସͰ͸ͳ͍ DHSPVQ΍-JOVYOBNFTQBDFͱ  ݁ߏີ઀ʹ࿈ܞͰ͖ɺ৭ʑͳ࢖͍ಓ͕͋Γͦ͏ ʢͦ͏͍͑͹ׂѪ͠·͕ͨ͠ɺDBQBCJMJUZ΋͍͡Ε·͢ʣ > CapabilityBoundingSet=CAP_NET_ADMIN
CAP_NET_RAW …

TZTUFNEͷϝϦοτॴײ 6OJUϑΝΠϧͰએݴతʹαʔϏεఆٛɺ  ґଘɺϦιʔεͷ഑෼ɺ෼཭ΛఆٛͰ͖Δ DHSPVQMJOVYOBNFTQBDFͷৄࡉͳ"1*ʹ  ৄ͘͠ͳͯ͘΋ɺTZTUFNEͷσΟϨΫςΟϒ͕ ϥοϓͯ͘͠ΕΔͷͰɺ༰қʹར༻Ͱ͖Δ TZTUFNE͸ਓؒͨͪʹ༏͍͠ʂ

DPOUBJOFSWTTZTUFNE TZTUFNE͚ͩͰ΋Ͱ͖Δ͜ͱ͕݁ߏ͋Δ Ͱ͖ͳ͍͜ͱ΋͋Δɻ1*%ͷ෼཭ͱ͔͕ͦ͏ %PDLFSͱTZTUFNEͷ࿈ܞͷྫ΋͋Δ IUUQFOBLBJIBUFOBCMPHDPNFOUSZ
૬൓͢Δ΋ͷͰ΋ͳ͘ɺಘҙ෼໺Ͱ࢖͍෼͚

5SZ TZTUFNE

ࢀߟจݙ 4ZTUFNEೖ໳γϦʔζ JEFOBLBJ͞Μ IUUQFOBLBJIBUFOBCMPHDPNFOUSZ ͱ͍͏͔ඇৗʹৄ͘͠ɺ๻ͷൃදཁΔΜͩΖ͏͔ʜʜ
TZTUFNEపఈೖ໳!-JOVYঁࢠ෦ ಉ IUUQXXXTMJEFTIBSFOFUFOBLBJMJOVY ๻ͷൃදSZ DPOTVMUFNQMBUFΛTZTUFNEͰಈ͔͢ͱ͖ͷֶͼ IUUQUPNPIJTBPEBDPNQPTUTVTF@TZTUFNE@XJUI@DPOTVMUFNQMBUFIUNM

人間たちとsystemd

人間たちとsystemd

More Decks by KONDO Uchio

Other Decks in Technology

Featured

Transcript