mirror of
https://github.com/netbirdio/gvisor.git
synced 2026-05-22 17:12:49 -07:00
192bfb03fb
The systrap platform, like the ptrace platform, uses stub processes to manage the user address space. The difference is how they intercept system calls and other events like memory faults, exceptions, etc.

In case of systrap, all events that have to be handled by the Sentry trigger signals that are handled by a custom signal handler installed on stub processes. The signal handler switches control to the Sentry.

Here are a few other optimizations:
* On x86, system calls can be replaced with a function call to remove overhead of signals.
* For fast interactions of sentry and stub processes, futex wait/wake can be a bottleneck, so we use a polling mode.

The platform is launched for the purpose of testing and gathering initial feedback. It is not yet ready for use in production.

PiperOrigin-RevId: 511650064
22 lines
752 B
Go
// Copyright 2021 The gVisor Authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package systrap

import "gvisor.dev/gvisor/pkg/seccomp"

func appendSysThreadArchSeccompRules(rules []seccomp.RuleSet) []seccomp.RuleSet {
	return rules
}