Search results
  1. 23 Nov 2019

    isn’t filtering syscalls, it’s separating the system worlds fundamentally with Sentry, the userland kernel that does syscall emulation. As the attacker gets closer to the host, they’ll see smaller attack surface. I drew this diagram for the security blog with the authors.

  2. 21 Jan

    Someone just implemented slirp4netns with 's netstack. Pretty cool🤩

  3. 3 May 2018

    "gVisor may be the biggest development since Kubernetes itself"

  4. 23 May 2018

    For a noob dev like me, it would be very hard to hack . You see, it said clearly that there's "no stack overflow". Where should I copy & paste codes for my patches then?

  5. 24 Apr 2019

    There were two ways to implement checkpoint/restore for Linux Containers: use existing Linux kernel APIs () or write own lightweight kernel with in-kernel C/R (). Today we can see that both ways required approximately the same amount of effort.

  6. 2 May 2018

    I threw together a demo of using gVisor's runsc command to illustrate how it can mitigate vulnerabilities like dirty cow

  7. 1 Oct 2019
  8. 14 Jul 2018

    Here's a blog post introducing a new technology from . It's essentially a sandbox technology like but with better containment properties

  9. 25 Jun 2019
  10. 19 Jun 2018

    hidden features: our interns are currently working on hooking up our built-in Checkpoint/Restore feature to the runsc API. I hope it will be ready soon! See e.g. and

  11. 26 Aug 2019

    works with to fix their demo container image to be runnable on top of and

  12. 2 May 2018
  13. 2 May 2018

    The container security space is only getting better with time. is an OCI compatible runtime you can use with and . More isolation than runc, less overhead than a full VM.

  14. 26 May 2018

    Just mechanically generated 1941 cases to test on Docker. Then used to help analyse and pinpoint some of the easiest test cases to reproduce bugs. These dataframes were for `open` syscall returning 13 and 20 on some random files. Data analytics meet syscalls ;-)

  15. 4 Feb 2019

    If you like and want to import some of its Go packages directly without using Bazel, built an awesome mirror: Instructions in the repo description.

  16. 3 May 2018
  17. 19 Oct 2019
  18. 26 Aug 2018

    Thanks to , I'm able to use with crostini on my chromebook.

  19. 20 May 2018

    Getting familiar with takes time because it's actually a HUGE surface of Linux. Good news to me is that it's written in Golang, so easier to grok than C. Anyway, I'm still scratching only the surface.

  20. 24 Apr 2019

    Thanks Jeff Meyerson interviewed on ! gVisor is important to help secure user codes/containers running in multi-tenant env. , e.g. Cloud Run, App Engines, etc. plus useful in GKE sandbox. github at
