Containers: What are they, Really?

•

0 j'aime•364 vues

The document discusses containerization using Docker. It begins with an overview of Docker commands to run containers with increasing levels of isolation for hostname, process ID, and filesystem/mounting. It then demonstrates how to execute commands in a container using Linux namespaces to isolate processes and filesystems. The document aims to show how Docker containers can isolate and sandbox processes running on a machine.

Logiciels

+ run input commands with arguments
++ add hostname limitations
+++ add process ID limitations
++++ add mount/filesystem limitations

func main() {
switch os.Args[1] {
case "run":
run()
default:
panic("what?")
}
}
func run() {
fmt.Printf("running %vn", os.Args[2:])
cmd := exec.Command(os.Args[2],
os.Args[3:]...)
cmd.Stdin = os.Stdin
cmd.Stderr = os.Stderr
cmd.Stdout = os.Stdout
must(cmd.Run())
}
func must(err error) {
if err != nil {
panic(err)
}
}
---- take inputs and executes them
---- panics with non-”run” command

----- opens shell to “container process”
------ can check hostname
------ can CHANGE hostname!!!

$func run() { fmt.Pintf("running %vn", os.Args[2:]) cmd := exec.Command(os.Args[2], os.Args[3:]...) cmd.Stdin = os.Stdin cmd.Stderr = os.Stderr cmd.Stdout = os.Stdout cmd.SysProcAttr = &syscall.SysProcAttr{ Cloneflags: syscall.CLONE_NEWUTS, } must(cmd.Run()) } cmd will be executed with linux flag for calling a child process, which runs in a new UTS namespace$

can see all processes on the host
machine

$func run() { fmt.Printf("running %vn", os.Args[2:]) cmd := exec.Command(os.Args[2], os.Args[3:]...) cmd.Stdin = os.Stdin cmd.Stderr = os.Stderr cmd.Stdout = os.Stdout cmd.SysProcAttr = &syscall.SysProcAttr{ Cloneflags: syscall.CLONE_NEWUTS | syscall.CLONE_NEWPID, } must(cmd.Run()) } why can we still the parent namespace? ----- execute cmd in new PID and new UTS namespace$

$func run() { cmd := exec.Command("/proc/self/exe", append([]string{"child"}, os.Args[2:]...)...) cmd.Stdin = os.Stdin cmd.Stderr = os.Stderr cmd.Stdout = os.Stdout cmd.SysProcAttr = &syscall.SysProcAttr{ Cloneflags: syscall.CLONE_NEWUTS | syscall.CLONE_NEWPID, } must(cmd.Run()) } func child() { fmt.Printf("running %v as pid %vn", os.Args[2:], os.Getpid()) cmd := exec.Command(os.Args[2], os.Args[3:]...) cmd.Stdin = os.Stdin cmd.Stderr = os.Stderr cmd.Stdout = os.Stdout must(cmd.Run()) } ----- let’s try this again but fork off a child process$

----- child process has a PID of one!
can still see processes on host machine
‘ps’ is looking in the /proc directory

$func run() { md := exec.Command("/proc/self/exe", append([]string{"child"}, os.Args[2:]...)...) // link to currently running process cmd.Stdin = os.Stdin cmd.Stderr = os.Stderr cmd.Stdout = os.Stdout cmd.SysProcAttr = &syscall.SysProcAttr{ Cloneflags: syscall.CLONE_NEWUTS | syscall.CLONE_NEWPID | syscall.CLONE_NEWNS, } must(cmd.Run()) } ------ NEWNS flag for mount namespace is creating a “mount table” for the process, allowing it to have it’s own filesystem$

func child() {
fmt.Printf("running %v as pid%vn", os.Args[2:], os.Getpid())
cmd := exec.Command(os.Args[2], os.Args[3:]...)
cmd.Stdin = os.Stdin
cmd.Stderr = os.Stderr
cmd.Stdout = os.Stdout
must(syscall.Chroot("/home/rootfs"))
must(os.Chdir("/"))
must(syscall.Mount("proc", "proc", "proc", 0, ""))
must(cmd.Run())
}
TODO
Need a new root filsystem
w/ empty /proc directory

Source: https://docs.docker.com/engine/understanding-docker/
https://coreos.com/rkt/docs/latest/rkt-vs-other-projects.html#rkt-vs-docker

Source: https://github.com/nkhare/container-orchestration/blob/master/kubernetes/README.md

CNCF (cloud native computing foundation)

●
●
, Julien Friedman
● My demo code - @si74 on github
● An overview of the docker ecosystem

Contenu connexe

Tendances

Object Storage with Gluster

Gluster.org

Small, Simple, and Secure: Alpine Linux under the Microscope

Docker, Inc.

CoreOS intro

Timo Derstappen

The Prometheus monitoring system collects and stores time series data to give valuable insights over hosts, containers, and applications. Its storage engine was designed to be multiple orders of magnitude faster and more space efficient than, say, RRD or SQL storage. However, with the rise of orchestration systems such as Docker Swarm and Kubernetes, and their extensive use of techniques like rolling updates and auto-scaling, environments are becoming increasingly dynamic. This increases the strain on metrics collection systems. To deal with the challenges, a new storage engine has been developed from scratch, bringing a sharp increase in performance and enabling new features. This talk will describe this new storage engine, its architecture, its data structures, and explain why and how it is well suited to gracefully handle high turnover rates of monitoring targets and provide consistent query performance.

How and Why Prometheus' New Storage Engine Pushes the Limits of Time Series D...

Docker, Inc.

Devinsampa nginx-scripting

Tony Fabeen

Ansible as a better shell script

Takuya Nishimoto

Docker n co

Rohit Jnagal

Monitoring with Syslog and EventMachine

Wooga

Node.js - A Quick Tour

Felix Geisendörfer

Docker and friends at Linux Days 2014 in Prague

tomasbart

nginx: writing your first module

redivy

Testing Wi-Fi with OSS Tools

All Things Open

CoreOS Overview

Victor S. Recio

Who is afraid of privileged containers ?

Marko Bevc

Git/Github/Bitbucket@TalkIt. Humber college.

Andrew Romanenco

Native Containers on Windows 10 & Windows Server 2016 using Docker

Jorge Arteiro

Kubernetes in 20 minutes - HDE Monthly Technical Session 24

lestrrat

Container Torture: Run any binary, in any container

Docker, Inc.

Lessons from running potentially malicious code inside containers

Ben Hall

Docker command

Eric Ahn

Tendances (20)

Object Storage with Gluster

Small, Simple, and Secure: Alpine Linux under the Microscope

CoreOS intro

How and Why Prometheus' New Storage Engine Pushes the Limits of Time Series D...

Devinsampa nginx-scripting

Ansible as a better shell script

Docker n co

Monitoring with Syslog and EventMachine

Node.js - A Quick Tour

Docker and friends at Linux Days 2014 in Prague

nginx: writing your first module

Testing Wi-Fi with OSS Tools

CoreOS Overview

Who is afraid of privileged containers ?

Git/Github/Bitbucket@TalkIt. Humber college.

Native Containers on Windows 10 & Windows Server 2016 using Docker

Kubernetes in 20 minutes - HDE Monthly Technical Session 24

Container Torture: Run any binary, in any container

Lessons from running potentially malicious code inside containers

Docker command

Similaire à Containers: What are they, Really?

Our daily work is comprised of testing a product and improve its quality. However, here and there, we can come to a state where we find a need to build a tool, that can make our work easierbetter. I will share from my experience when I found myself in a situation where building a tool was needed. We will start with a web application that allows you to know when a food delivery you ordered arrives to the office, and then we will focus on a tool that test the performance of an app from the UI side. We will do a live demo for both of them.

QA Fest 2019. Saar Rachamim. Developing Tools, While Testing

QAFest

System Calls.pptxnsjsnssbhsbbebdbdbshshsbshsbbs

ashukiller7

Program Assignment : Process Management Objective: This program assignment is given to the Operating Systems course to allow the students to figure out how a single process (parent process) creates a child process and how they work on Unix/Linux(/Mac OS X/Windows) environment. Additionally, student should combine the code for describing inter-process communication into this assignment. Both parent and child processes interact with each other through shared memory-based communication scheme or message passing scheme. Environment: Unix/Linux environment (VM Linux or Triton Server, or Mac OS X), Windows platform Language: C or C++, Java Requirements: i. You have wide range of choices for this assignment. First, design your program to explain the basic concept of the process management in Unix Kernel. This main idea will be evolved to show your understanding on inter-process communication, file processing, etc. ii. Refer to the following system calls: - fork(), getpid(), family of exec(), wait(), sleep() system calls for process management - shmget(), shmat(), shmdt(), shmctl() for shared memory support or - msgget(), msgsnd(), msgrcv(), msgctl(), etc. for message passing support iii. The program should present that two different processes, both parent and child, execute as they are supposed to. iv. The output should contain the screen capture of the execution procedure of the program. v. Interaction between parent and child processes can be provided through inter-process communication schemes, such as shared-memory or message passing schemes. vi. Result should be organized as a document which explains the overview of your program, code, execution results, and the conclusion including justification of your program, lessons you've learned, comments, etc. Note: i. In addition, please try to understand how the local and global variables work across the processes ii. read() or write () functions are used to understand how they work on the different processes. iii. For extra credit, you can also incorporate advanced features, like socket or thread functions, into your code. Examples: 1. Process Creation and IPC with Shared Memory Scheme ============================================================= #include <stdio.h> #include <sys/shm.h> #include <sys/stat.h> #include <sys/types.h> #include <unistd.h> int main(){ pid_t pid; int segment_id; //allocate the memory char *shared_memory; //pointer to memory const int size = 4096; segment_id = shmget(IPC_PRIVATE, size, S_IRUSR | S_IWUSR); shared_memory = (char *) shmat(segment_id, NULL, 0); pid = fork(); if(pid < 0) { //error fprintf(stderr, "Fork failed"); return 1; } else if(pid == 0){ //child process char *child_shared_memory; child_shared_memory = (char *) shmat(segment_id,NULL,0); //attach mem sprintf(child_shared_memory, "Hello parent process!"); //write to the shared mem shmdt(child_shared_memory); } else ...

Program Assignment Process ManagementObjective This program a.docx

wkyra78

Process monitoring in UNIX shell scripting

Dan Morrill

Shell to be modified #include #include #include #include #include #include #include #include // Simplifed xv6 shell. #define MAXARGS 10 // All commands have at least a type. Have looked at the type, the code // typically casts the *cmd to some specific cmd type. struct cmd { int type; // ' ' (exec), | (pipe), '<' or '>' for redirection }; struct execcmd { int type; // ' ' char *argv[MAXARGS]; // arguments to the command to be exec-ed }; struct redircmd { int type; // < or > struct cmd *cmd; // the command to be run (e.g., an execcmd) char *file; // the input/output file int mode; // the mode to open the file with int fd; // the file descriptor number to use for the file }; struct pipecmd { int type; // | struct cmd *left; // left side of pipe struct cmd *right; // right side of pipe }; int fork1(void); // Fork but exits on failure. struct cmd *parsecmd(char*); // Execute cmd. Never returns. void runcmd(struct cmd *cmd) { int p[2], r; struct execcmd *ecmd; struct pipecmd *pcmd; struct redircmd *rcmd; if(cmd == 0) exit(0); switch(cmd->type){ default: fprintf(stderr, "unknown runcmd\n"); exit(-1); case ' ': ecmd = (struct execcmd*)cmd; if(ecmd->argv[0] == 0) exit(0); fprintf(stderr, "exec not implemented\n"); // Your code here ... break; case '>': case '<': rcmd = (struct redircmd*)cmd; fprintf(stderr, "redir not implemented\n"); // Your code here ... runcmd(rcmd->cmd); break; case '|': pcmd = (struct pipecmd*)cmd; fprintf(stderr, "pipe not implemented\n"); // Your code here ... break; } exit(0); } int getcmd(char *buf, int nbuf) { if (isatty(fileno(stdin))) fprintf(stdout, "$ "); memset(buf, 0, nbuf); fgets(buf, nbuf, stdin); if(buf[0] == 0) // EOF return -1; return 0; } int main(void) { static char buf[100]; int fd, r; // Read and run input commands. while(getcmd(buf, sizeof(buf)) >= 0){ if(buf[0] == 'c' && buf[1] == 'd' && buf[2] == ' '){ // Clumsy but will have to do for now. // Chdir has no effect on the parent if run in the child. buf[strlen(buf)-1] = 0; // chop \n if(chdir(buf+3) < 0) fprintf(stderr, "cannot cd %s\n", buf+3); continue; } if(fork1() == 0) runcmd(parsecmd(buf)); wait(&r); } exit(0); } int fork1(void) { int pid; pid = fork(); if(pid == -1) perror("fork"); return pid; } struct cmd* execcmd(void) { struct execcmd *cmd; cmd = malloc(sizeof(*cmd)); memset(cmd, 0, sizeof(*cmd)); cmd->type = ' '; return (struct cmd*)cmd; } struct cmd* redircmd(struct cmd *subcmd, char *file, int type) { struct redircmd *cmd; cmd = malloc(sizeof(*cmd)); memset(cmd, 0, sizeof(*cmd)); cmd->type = type; cmd->cmd = subcmd; cmd->file = file; cmd->mode = (type == '<') ? O_RDONLY : O_WRONLY|O_CREAT|O_TRUNC; cmd->fd = (type == '<') ? 0 : 1; return (struct cmd*)cmd; } struct cmd* pipecmd(struct cmd *left, struct cmd *right) { struct pipecmd *cmd; cmd = malloc(sizeof(*cmd)); memset(cmd, 0, sizeof(*cmd)); cmd->type = '|'; cmd->left = left; cmd->right = right; return (struct cmd*)cmd; } // Parsing char whitespace[] = " \t\r\n\v"; char symbols[] = "<|>"; int ge.

Shell to be modified#include stdlib.h #include unistd.h .pdf

clarityvision

// This is the shell.c Test: ./shell -test sub #include <ctype.h> /* Character types */ #include <stdio.h> /* Standard buffered input/output */ #include <stdlib.h> /* Standard library functions */ #include <string.h> /* String operations */ #include <sys/types.h> /* Data types */ #include <sys/wait.h> /* Declarations for waiting */ #include <unistd.h> /* Standard symbolic constants and types */ #include "smp1_tests.h" /* Built-in test system */ /* DEFINE SECTION */ #define SHELL_BUFFER_SIZE 256 /* Size of the Shell input buffer */ #define SHELL_MAX_ARGS 8 /* Maximum number of arguments parsed */ #define SHELL_HISTORY_SIZE 10 /* VARIABLE SECTION */ enum { STATE_SPACE, STATE_NON_SPACE }; /* Parser states */ char shell_history[SHELL_HISTORY_SIZE][SHELL_BUFFER_SIZE]; int shell_history_next_index = 0; int imthechild(const char *path_to_exec, char *const args[]) { // TO-DO P5.1 return execvp(path_to_exec, args) ? -1 : 0; } void imtheparent(pid_t child_pid, int run_in_background) { int child_return_val, child_error_code; /* fork returned a positive pid so we are the parent */ fprintf(stderr, " Parent says 'child process has been forked with pid=%d'\n", child_pid); if (run_in_background) { fprintf(stderr, " Parent says 'run_in_background=1 ... so we're not waiting for the child'\n"); return; } // TO-DO P5.4 wait(&child_return_val); /* Use the WEXITSTATUS to extract the status code from the return value */ child_error_code = WEXITSTATUS(child_return_val); fprintf(stderr, " Parent says 'wait() returned so the child with pid=%d is finished.'\n", child_pid); if (child_error_code != 0) { fprintf(stderr, " Parent says 'Child process %d failed with code %d'\n", child_pid, child_error_code); } } int get_shell_command(char *buffer, int size) { int i = 0; char c; while (i < size - 1 && (c = getchar()) != EOF && c != '\n') { buffer[i++] = c; } buffer[i] = '\0'; return i; } void parse_command(char *command, char **exec_args, int *exec_bg) { int argc = 0; *exec_bg = 0; while (*command != '\0') { /* Strip whitespace. */ while (isspace(*command)) { ++command; } if (*command == '\0') { break; } /* Save the argument. */ if (argc < SHELL_MAX_ARGS) { exec_args[argc++] = command; } while (*command != '\0' && !isspace(*command)) { ++command; } if (*command != '\0') { *command++ = '\0'; } } exec_args[argc] = NULL; /* Check for background execution request. */ if (argc > 0 && !strcmp(exec_args[argc - 1], "&")) { *exec_bg = 1; exec_args[--argc] = NULL; } } void run_shell_command; int main(int argc, char **argv) { pid_t shell_pid, pid_from_fork; int n_read, i, exec_argc, parser_state, run_in_background; char buffer[SHELL_BUFFER_SIZE]; char *exec_argv[SHELL_MAX_ARGS + 1]; // TO-DO new variables for P5.2, P5.3, P5.6 if (argc > 1 && !strcmp(argv[1], "-test")) { return run_smp1_tests(argc - 1, argv + 1); } shell_pid = getpid(); int command_counter = 1; while (1) { /* The Shell runs in an infinite loop, processing input. */ if (exec_argc > 0) { command_counter++; } // TO-DO P5.2 .

-- This is the shell-c Test- --shell -test sub #include -ctype-h- -- C.pdf

AdrianEBJKingr

I/O redirection in C shell Please implement input / output redirection in the code posted below. Here are the specs: Your shell will need to support file redirection. Use the same syntax as defined in the Bash shell: a single \'>\' implies that one needs to redirect the standard output of the program being started to the referenced file while a single \'<\' implies the same with standard input. The double \'>>\' implies that standard output will append to an existing file rather than create a new file (similar behavior is required for the \'<<\' operator and standard input). You do not need to implement support for the Bash pipeline operator \'|\'. Before calling exec to begin execution, the child process may have to close stdin (file desriptor 0) and/or stdout (file descriptor 0), open the corresponding file and use the dup2 system call to make it the appropriate file descriptor. Don\'t forget to use the close system call to close the old file descriptor. #include #include #include #include #include #include using namespace std; int change_dir(char* args[]) { if (args[1] == NULL) { chdir(getenv(\"HOME\")); return 1; } else { if (chdir(args[1]) == -1) { cout << \"No such directory\" << args[1]; return -1; } } return 0; } int helper_func(char* args[]) { cout << \"Builtin commands so far are; cd, and help.\ \"; return 0; } int main() { while(true) { cout << \"$ \"; char cmd[128]; cin.getline(cmd,128); vector args; char *line = strtok(cmd, \" \"); char *tmp = line; while (tmp != NULL) { args.push_back(tmp); tmp = strtok(NULL, \" \"); } char** argv = new char*[args.size() + 1]; for (int i = 0; i < args.size(); i++) argv[i] = args[i]; argv[args.size()] = NULL; if (strcmp(cmd, \"exit\") == 0) { { exit(0); } } //else if (strcmp(args[0], \"cd\") == 0) change_dir(args); if (strcmp(cmd, \"cd\") == 0) { change_dir(argv); } if (strcmp(cmd, \"help\") == 0) { helper_func(argv); } else { pid_t pid; pid_t wpid; int status; pid = fork(); if (pid == 0) { if (execvp(args[0], argv) == -1) { perror(\"cmd\"); } exit(EXIT_FAILURE); } else if (pid < 0) { perror(\"cmd\"); } { do { wpid = waitpid(pid, &status, WUNTRACED); } while (!WIFEXITED(status) && !WIFSIGNALED(status)); } } } signal(SIGINT, SIG_IGN); signal(SIGTERM, SIG_DFL); return 0; } Solution #include #include #include #include #include #include using namespace std; int change_dir(char* args[]) { if (args[1] == NULL) { chdir(getenv(\"HOME\")); return 1; } else { if (chdir(args[1]) == -1) { cout << \"No such directory\" << args[1]; return -1; } } return 0; } int helper_func(char* args[]) { cout << \"Builtin commands so far are; cd, and help.\ \"; return 0; } int main() { while(true) { cout << \"$ \"; char cmd[128]; cin.getline(cmd,128); vector args; char *line = strtok(cmd, \" \"); char *tmp = line; while (tmp != NULL) { args.push_back(tmp); tmp = strtok(NULL, \" \"); } char** argv = new char*[args.size() + 1]; for (int i = 0; i < args.size(); i++) argv[i] = args[i]; argv[args.size()] = NULL; if (strcmp(cmd, \.

IO redirection in C shellPlease implement input output redirect.pdf

forecastfashions

Python for Penetration testers

Christian Martorella

Asynchronous programming done right - Node.js

Piotr Pelczar

Backdooring the web is the cheapest and most hidden way to achieve persistence on a compromised network, both if you're looking at privileges on the webapp itself or at executing command to underlying system. During the talk, we will discuss the context of a web backdoor: the environment where she can born and grow up will be defined. Each environmental aspect will be thoroughly analyzed: where is the best point of injection, why we choose a specific function or trick, what permissions are needed, how to trigger the backdoor in a safe, hidden and reproducible way, and of course what to inject. The talk will thus present several ways to inject obfuscated and hard to spot vulnerabilities in PHP code. Shown examples will backdoor CMS plugins as well as custom code, altering the code and polluting the webapp ecosystem (read: DBMS and webservers).

PHP Backdoor: The rise of the vuln

Sandro Zaccarini

The Ring programming language version 1.6 book - Part 28 of 189

Mahmoud Samir Fayed

Help Needed! UNIX Shell and History Feature This project consists of designing a C program to serve as a shell interface that accepts user commands and then executes each command in a separate process. This project can be completed on any Linux, UNIX,orMacOS X system. A shell interface gives the user a prompt, after which the next command is entered. The example below illustrates the prompt osh> and the user’s next command: cat prog.c. (This command displays the le prog.c on the terminal using the UNIX cat command.) osh> cat prog.c One technique for implementing a shell interface is to have the parent process rst read what the user enters on the command line (in this case, cat prog.c), and then create a separate child process that performs the command. Unless otherwise specied, the parent process waits for the child to exit before continuing. This is similar in functionality to the new process creation illustrated in Figure 3.10. However, UNIX shells typically also allow the child process to run in the background, or concurrently. To accomplish this, we add an ampersand (&) at the end of the command. Thus, if we rewrite the above command as osh> cat prog.c & the parent and child processes will run concurrently. The separate child process is created using the fork() system call, and the user’s command is executed using one of the system calls in the exec() family A C program that provides the general operations of a command-line shell is supplied in Figure 3.36. The main() function presents the prompt osh-> and outlines the steps to be taken after input from the user has been read. The main() function continually loops as long as should run equals 1; when the user enters exit at the prompt, your program will set should run to 0 and terminate. This project is organized into two parts: (1) creating the child process and executing the command in the child, and (2) modifying the shell to allow a history feature. #include #include #define MAXLINE 80 /* The maximum length command */ int main(void) { char *args[MAXLINE/2 + 1]; /* command line arguments */ int should run = 1; /* flag to determine when to exit program */ while (should run) { printf(\"osh>\"); } fflush(stdout); /** * After reading user input, the steps are: * (1) fork a child process using fork() * (2) the child process will invoke execvp() * (3) if command included &, parent will invoke wait() */ return 0; } Part I — Creating a Child Process The rst task is to modify the main() function in the above program so that a child process is forked and executes the command specied by the user. This will require parsing what the user has entered into separate tokens and storing the tokens in an array of character strings ( args in the above program. For example, if the user enters the command ps -ael at the osh> prompt, the values stored in the args array are: args[0] = \"ps\" args[1] = \"-ael\" args[2] = NULL This args array will be passed to the execvp() function, which has the following prot.

Help Needed!UNIX Shell and History Feature This project consists.pdf

mohdjakirfb

http://linux.die.net/man/3/exec fork() creates a new process by duplicating the calling process. The new process, referred to as the child, is an exact duplicate of the calling process, referred to as the parent#include <unistd.h>pid_t fork(void); The exec() family of functions replaces the current process image with a new process image. The functions described in this manual page are front-ends for execve(2). (See the manual page for execve(2) for further details about the replacement of the current process image.) The exec() family of functions include execl, execlp, execle, execv, execvp, and execvpe to execute a file. The ANSI prototype for execl() is: int execl(const char *path, const char *arg0,..., const char *argn, 0) http://www.cems.uwe.ac.uk/~irjohnso/coursenotes/lrc/system/pc/pc4.htm #inciude <stdio.h> #inciude <unistd.h> main() { execl("/bin/ls", "ls", "-l", 0); printf("Can only get here on error\n"); } The first parameter to execl() in this example is the full pathname to the ls command. This is the file whose contents will be run, provided the process has execute permission on the file. The rest of the execl() parameters provide the strings to which the argv array elements in the new program will point. In this example, it means that the ls program will see the string ls pointed to by its argv[0], and the string -l pointed to by itsargv[1]. In addition to making all these parameters available to the new program, the exec() calls also pass a value for the variable: extern char **environ; This variable has the same format as the argv variable except that the items passed via environ are the values in the environment of the process (like any exported shell variables), rather than the command line parameters. In the case of execl(), the value of the environ variable in the new program will be a copy of the value of this variable in the calling process. The execl() version of exec() is fine in the circumstances where you can ex-plicitly list all of the parameters, as in the previous example. Now suppose you want to write a program that doesn't just run ls, but will run any program you wish, and pass it any number of appropriate command line parameters. Obviously, execl() won't do the job. The example program below, which implements this requirement, shows, however, that the system call execv() will perform as required: #inciude <stdio.h> main(int argc, char **argv) { if (argc==1) { printf("Usage: run <command> [<paraneters>]\n"); exit(1) } execv(argv[l], &argv[1)); printf("Sorry... couldn't run that!\n"); } The prototype for execv() shows that it only takes two parameters, the first is the full pathname to the command to execute and the second is the argv value you want to pass into the new program. In the previous example this value was derived from the argv value passed into the run command, so that the run command can take the command line parameter values you pass it and just pass them on. int execl(.

httplinux.die.netman3execfork() creates a new process by.docx

adampcarr67227

Node child process

LearningTech

lec4.docx

ismailaboshatra

The Ring programming language version 1.8 book - Part 31 of 202

Mahmoud Samir Fayed

Magic of Ruby

Gabriele Lana

ssh.isdn.test

Chris Hallman

Workshop 1: Good practices in JavaScript

Visual Engineering

Os lab final

LakshmiSarvani6

Similaire à Containers: What are they, Really? (20)

QA Fest 2019. Saar Rachamim. Developing Tools, While Testing

System Calls.pptxnsjsnssbhsbbebdbdbshshsbshsbbs

Program Assignment Process ManagementObjective This program a.docx

Process monitoring in UNIX shell scripting

Shell to be modified#include stdlib.h #include unistd.h .pdf

-- This is the shell-c Test- --shell -test sub #include -ctype-h- -- C.pdf

IO redirection in C shellPlease implement input output redirect.pdf

Python for Penetration testers

Asynchronous programming done right - Node.js

PHP Backdoor: The rise of the vuln

The Ring programming language version 1.6 book - Part 28 of 189

Help Needed!UNIX Shell and History Feature This project consists.pdf

httplinux.die.netman3execfork() creates a new process by.docx

Node child process

lec4.docx

The Ring programming language version 1.8 book - Part 31 of 202

Magic of Ruby

ssh.isdn.test

Workshop 1: Good practices in JavaScript

Os lab final

Plus de Sneha Inguva

When I joined the networking team at DigitalOcean a few years ago, I dove into an entirely different world of software-defined networking in the data center. Virtual switches, networking protocols — these were concepts that I had encountered at the surface level before — but now I frequently found myself debugging them. With time, I came to rely on a variety of Linux networking tools for introspecting, troubleshooting, and examining network state. In this talk, I’ll share some of my favorite Linux networking tools and discuss scenarios in which they are quite helpful.

Handy Networking Tools and How to Use Them

Sneha Inguva

MicroCPH: Observability and Product Release

Sneha Inguva

[Power To Fly Webinar] Observability at a Cloud Provider

Sneha Inguva

Networking and Go: An Epic Journey

Sneha Inguva

The pillars of observability have long been accepted as key components of any microservice-in-production. But what about those new products—those new features—that have yet to be released? Properly instrumenting and leveraging metrics at this stage is perhaps even more crucial. When a product is yet to be released, identifying and addressing early bugs is critical. See how the team at Digital Ocean leveraged Prometheus to properly instrument and test features within their software-defined networking pillar. This session will highlight instrumentation, key visualizations, and takeaways from their experience. You’ll also hear about areas for improvement and find out how to use these learnings for your own releases.

observability pre-release: using prometheus to test and fix new software

Sneha Inguva

Observability and Product Release

Sneha Inguva

Prometheus Everything, Observing Kubernetes in the Cloud

Sneha Inguva

The industry is moving toward a microservices architecture, and many companies have embraced container orchestration solutions such as Kubernetes. DigitalOcean is no different. Over the past year, DigitalOcean’s Delivery team has been building a runtime platform based on Kubernetes with the goal of making shipping code easier. The system has empowered service owners to quickly and efficiently deploy and update their applications. A vital component is a white box monitoring and alerting solution based on Prometheus and Alertmanager. Sneha Inguva offers an overview of the system and shares problems encountered, potential solutions, and key lessons learned in the process. Sneha dives into the setup of Prometheus and Alertmanager that allows service owners to instrument their own metrics and alerts, explaining the service owner’s point of view and the internals that allow for the dynamic addition of alerts, and offers a glimpse of future modifications to the system. Join in to learn how to leverage open source tools for your monitoring and alerting needs.

Observability in a Dynamically Scheduled World

Sneha Inguva

Plus de Sneha Inguva (8)

Handy Networking Tools and How to Use Them

MicroCPH: Observability and Product Release

[Power To Fly Webinar] Observability at a Cloud Provider

Networking and Go: An Epic Journey

observability pre-release: using prometheus to test and fix new software

Observability and Product Release

Prometheus Everything, Observing Kubernetes in the Cloud

Observability in a Dynamically Scheduled World

Dernier

At TECUNIQUE, we're a stable and steadily growing Indian software services company with over 14 years of industry experience. Specializing in offshore software development and quality assurance services, we've built a reputation for delivering unique and effective solutions to start-ups, software development companies, enterprises, and digital agencies. We pride ourselves on our commitment to excellence and innovation. By blending insightful business domain knowledge with exceptional technical prowess, we craft tailor-made solutions that meet the unique needs of our clients. Our dedicated teams are adept in specific technologies, ensuring seamless integration of skills and delivering reliable, scalable, and high-quality software solutions aligned with our clients' preferences. Bespoke Dedicated Teams: Crafted to meet your specific needs and technology preferences, our dedicated teams are committed to delivering top-notch software solutions. Offshore Software Development: Accelerate your software development and scale up quickly with our 12+ years of expertise in offshore development. Quality Assurance Services: Ensure the quality of your software products with our dedicated teams of experienced QA professionals. IT Staff Augmentation: Overcome skill gaps with our client-centric software team, offering staff augmentation services. Expert Software Services: Unlock our capabilities in custom software development, product development, and quality assurance. Mission and Vision: Our mission at TECUNIQUE is to be the catalyst for our clients' success in the dynamic domain of software development. Rooted in our core values of respect, authenticity, and responsibility, we strive to ease the software outsourcing experience, reducing both time and cost to market for our clients. We envision ourselves as the leading Indian software services company, renowned for our unwavering commitment to excellence and innovation. www.tecunique.com

TECUNIQUE: Success Stories: IT Service provider

mohitmore19

OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...

Shane Coughlan

A Secure and Reliable Document Management System is Essential.docx

ComplianceQuest1

10 Trends Likely to Shape Enterprise Technology in 2024

Mind IT Systems

Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...

SelfMade bd

In the past six months, the AI landscape has undergone a massive transformation, ushering in a new era of productivity with the latest in Large Language Models (LLMs) and AI technology. This deep dive unlocks how to: Create CustomGPT Models: No coding needed to tailor AI for your unique projects. Integrate your own data, including PDFs and Excel sheets, making information handling a breeze. Plus, discover how to call your own actions/integrations for even more personalized utility. Navigate Advanced Prompting: Overcome AI's memory limits and utilize Retrieval-Augmented Generation for accessing your personalized data, streamlining how you interact with AI. Stay Ahead with AI Trends: Peek into the evolving world of LLMs, featuring newcomers like Google Gemini, Anthropic Claude, Open Sora, and Twitter Grok, and understand what their advancements mean for your productivity. Witness Real-Life Transformations: Through examples and prompt demonstrations, see firsthand how these AI strategies revolutionize routine tasks, from data analysis to content creation. Learn to leverage image output and input for advanced practical use cases, adding a new dimension to your productivity toolkit. No previous coding or AI experience is needed for this talk. Stay ahead in the fast-evolving world of work. Embrace the AI revolution and transform your workflow with advanced LLM techniques. Join us to ensure you're not left behind in the productivity race.

AI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques

VictorSzoltysek

VTU technical seminar 8Th Sem on Scikit-learn

AmarnathKambale

Technology has taken up space all over the world. From generating content with a single command on ChatGPT to getting your food served by Robots at your favorite restaurant, artificial advancements have ruled every space. Every industry is set to develop top-notch technology in every sector; finance, IT, healthcare, gaming, and banking, with competitive market standards. One of these rapidly growing industries is Mobile App Development. According to the Straits Research report, it is expected to reach USD 583.03 billion at a CAGR OF 12.8% between (2022 and 2030). It clearly shows how mobile app development has become an integral part of the digital landscape and revolutionized technology.

The Top App Development Trends Shaping the Industry in 2024-25 .pdf

ayushiqss

In the realm of real-time applications, Large Language Models (LLMs) have long dominated language-centric tasks, while tools like OpenCV have excelled in the visual domain. However, the future (maybe) lies in the fusion of LLMs and deep learning, giving birth to the revolutionary concept of Large Action Models (LAMs). Imagine a world where AI not only comprehends language but mimics human actions on technology interfaces. For example, the Rabbit r1 device presented at CES 2024, driven by an AI operating system and LAM, brings this vision to life. It executes complex commands, leveraging GUIs with unprecedented ease. In this presentation, join me on a journey as a software engineer tinkering with WebRTC, Janus, and LLM/LAMs. Together, we’ll evaluate the current state of these AI technologies, unraveling the potential they hold for shaping the future of real-time applications.

Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications

Alberto González Trastoy

(Vivek)Call Us, 8448380779,Call girls in Delhi NCr – We Offer best in class call girls. escort Service At Affordable Price At low Rate with Space Night 8000 We Are One Of The Oldest Escort and Call girls Agencies in Delhi. You Will Find That Our Female Escorts Are Full Of Fun, Sexy And They Would Love Enjoy Your Company. We Have A Fantastic Selection Of Escort Ladies Available For In-Calls As Well As Out-Calls. Our Escorts Are Not Only Beautiful But All Have Great Personalities Making Them The Perfect Companion For Any Occasion. In-Call:- You Can Come At Our Place in Delhi Our place Which Is Very Clean Hygienic 100% safe Accommodation. Out-Call:- You have To Come Pick The Girl From My Place We Are Also Provide Door Step Services (Delhi Ncr, Noida, Gurgaon, Faridabad, Ghaziabad Note:- Pic Collectors Time Passers Bargainers Stay Away As We Respect The Value For Your Money Time And Expect The Same From You Hygienic:- Full Ac room And Clean Rooms Available In Hotel 24 * 7 Hourly In Delhi NCR More Details, With WhatsApp Number, +91-8448380779

call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️

Delhi Call girls

Model Call Girl Services in Delhi reach out to us at 🔝 9953056974 🔝✔️✔️ Our agency presents a selection of young, charming call girls available for bookings at Oyo Hotels. Experience high-class escort services at pocket-friendly rates, with our female escorts exuding both beauty and a delightful personality, ready to meet your desires. Whether it's Housewives, College girls, Russian girls, Muslim girls, or any other preference, we offer a diverse range of options to cater to your tastes. We provide both in-call and out-call services for your convenience. Our in-call location in Delhi ensures cleanliness, hygiene, and 100% safety, while our out-call services offer doorstep delivery for added ease. We value your time and money, hence we kindly request pic collectors, time-passers, and bargain hunters to refrain from contacting us. Our services feature various packages at competitive rates: One shot: ₹2000/in-call, ₹5000/out-call Two shots with one girl: ₹3500/in-call, ₹6000/out-call Body to body massage with sex: ₹3000/in-call Full night for one person: ₹7000/in-call, ₹10000/out-call Full night for more than 1 person: Contact us at 🔝 9953056974 🔝. for details Operating 24/7, we serve various locations in Delhi, including Green Park, Lajpat Nagar, Saket, and Hauz Khas near metro stations. For premium call girl services in Delhi 🔝 9953056974 🔝. Thank you for considering us!

CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE

9953056974 Low Rate Call Girls In Saket, Delhi NCR

Azure Native Qumulo scales elastically for common High Performance Compute (HPC) workloads based on application requirements for: Financial Services, Automotive, Genomics / Life Sciences, Media and Entertainment, Energy, Oil and Gas, etc. Performance can be dialed UP (and back down) much higher than the examples shown here. These slides offer a glimpse into ANQ's HPC capabilities, although at a smaller scale. We invite YOU to do your own testing (with a free ANQ trial) and work with us to test your HPC workloads in Azure.

Azure_Native_Qumulo_High_Performance_Compute_Benchmarks.pdf

ryanfarris8

%in tembisa+277-882-255-28 abortion pills for sale in tembisa

masabamasaba

Software Quality Assurance Interview Questions

Arshad QA

Craft an AI & Machine Learning Pitch with our Editable Professional PowerPoint Template. Ignite your AI & Machine Learning pitch with our cutting-edge PowerPoint template tailored for the industry. Perfect for AI conferences, investor presentations, sales pitches to tech-focused companies, training sessions, and educational programs. - 20+ editable slides: Get a variety of options to choose from for your presentation. - Time-saving solution: Download, replace text/images with a few clicks. - User-friendly customization: Easy to use and personalize. - Modern and attractive design: Captivating visuals, sleek layout. - Tailored to your requirements: Fully alterable for customization. - Well-organized slides: Complete control over content. - Thematic specificity: Reflects healthcare industry with relevant graphics. - Showcase your business idea: Communicate value proposition effectively.

AI & Machine Learning Presentation Template

Presentation.STUDIO

Define the academic and professional writing..pdf

PearlKirahMaeRagusta1

At the recent Microsoft Ignite 2023 conference, Microsoft unveiled a groundbreaking strategy that will redefine enterprise work management. The plan involves integrating Microsoft’s key planning tools, Microsoft To Do, Microsoft Planner, and Microsoft Project for the web into a unified experience called “Microsoft Planner.” What does this new strategy from Microsoft mean for current users? Join us and learn how best to take advantage of this announcement while gaining a clear path on how to elevate the current state of Microsoft Planner from a basic task manager to a comprehensive tool for Enterprise Work Management using OnePlan. Learn how OnePlan’s integration with Microsoft Planner allows for strategic alignment with business goals through advanced features like strategic planning, portfolio management, resource management, financial management, and more!

Introducing Microsoft’s new Enterprise Work Management (EWM) Solution

OnePlan Solutions

ManageIQ - Sprint 236 Review - Slide Deck

ManageIQ

%in Midrand+277-882-255-28 abortion pills for sale in midrand

masabamasaba

A great deal of attention in medical devices has shifted towards cybersecurity with the ratification of section 524B of the FD&C act. This new law enables the FDA to enforce cybersecurity controls in any medical device that is capable of networked communications or that has software. In this webinar we will recap the process for managing vulnerabilities, identify categories of vulnerabilities and solutions and more.

The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...

ICS

Dernier (20)

TECUNIQUE: Success Stories: IT Service provider

OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...

A Secure and Reliable Document Management System is Essential.docx

10 Trends Likely to Shape Enterprise Technology in 2024

Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...

AI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques

VTU technical seminar 8Th Sem on Scikit-learn

The Top App Development Trends Shaping the Industry in 2024-25 .pdf

Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications

call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️

CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE

Azure_Native_Qumulo_High_Performance_Compute_Benchmarks.pdf

%in tembisa+277-882-255-28 abortion pills for sale in tembisa

Software Quality Assurance Interview Questions

AI & Machine Learning Presentation Template

Define the academic and professional writing..pdf

Introducing Microsoft’s new Enterprise Work Management (EWM) Solution

ManageIQ - Sprint 236 Review - Slide Deck

%in Midrand+277-882-255-28 abortion pills for sale in midrand

The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...

Containers: What are they, Really?

5. ● ● ●

8. + run input commands with arguments ++ add hostname limitations +++ add process ID limitations ++++ add mount/filesystem limitations

9. func main() { switch os.Args[1] { case "run": run() default: panic("what?") } } func run() { fmt.Printf("running %vn", os.Args[2:]) cmd := exec.Command(os.Args[2], os.Args[3:]...) cmd.Stdin = os.Stdin cmd.Stderr = os.Stderr cmd.Stdout = os.Stdout must(cmd.Run()) } func must(err error) { if err != nil { panic(err) } } ---- take inputs and executes them ---- panics with non-”run” command

10. 🎉 And it successfully echoes “Hello”!

11. ----- opens shell to “container process” ------ can check hostname ------ can CHANGE hostname!!!

12.

13.

14. func run() { fmt.Pintf("running %vn", os.Args[2:]) cmd := exec.Command(os.Args[2], os.Args[3:]...) cmd.Stdin = os.Stdin cmd.Stderr = os.Stderr cmd.Stdout = os.Stdout cmd.SysProcAttr = &syscall.SysProcAttr{ Cloneflags: syscall.CLONE_NEWUTS, } must(cmd.Run()) } cmd will be executed with linux flag for calling a child process, which runs in a new UTS namespace

15. can see all processes on the host machine

16. func run() { fmt.Printf("running %vn", os.Args[2:]) cmd := exec.Command(os.Args[2], os.Args[3:]...) cmd.Stdin = os.Stdin cmd.Stderr = os.Stderr cmd.Stdout = os.Stdout cmd.SysProcAttr = &syscall.SysProcAttr{ Cloneflags: syscall.CLONE_NEWUTS | syscall.CLONE_NEWPID, } must(cmd.Run()) } why can we still the parent namespace? ----- execute cmd in new PID and new UTS namespace

17. func run() { cmd := exec.Command("/proc/self/exe", append([]string{"child"}, os.Args[2:]...)...) cmd.Stdin = os.Stdin cmd.Stderr = os.Stderr cmd.Stdout = os.Stdout cmd.SysProcAttr = &syscall.SysProcAttr{ Cloneflags: syscall.CLONE_NEWUTS | syscall.CLONE_NEWPID, } must(cmd.Run()) } func child() { fmt.Printf("running %v as pid %vn", os.Args[2:], os.Getpid()) cmd := exec.Command(os.Args[2], os.Args[3:]...) cmd.Stdin = os.Stdin cmd.Stderr = os.Stderr cmd.Stdout = os.Stdout must(cmd.Run()) } ----- let’s try this again but fork off a child process

18. ----- child process has a PID of one! can still see processes on host machine ‘ps’ is looking in the /proc directory

19. func run() { md := exec.Command("/proc/self/exe", append([]string{"child"}, os.Args[2:]...)...) // link to currently running process cmd.Stdin = os.Stdin cmd.Stderr = os.Stderr cmd.Stdout = os.Stdout cmd.SysProcAttr = &syscall.SysProcAttr{ Cloneflags: syscall.CLONE_NEWUTS | syscall.CLONE_NEWPID | syscall.CLONE_NEWNS, } must(cmd.Run()) } ------ NEWNS flag for mount namespace is creating a “mount table” for the process, allowing it to have it’s own filesystem

20.

21. func child() { fmt.Printf("running %v as pid%vn", os.Args[2:], os.Getpid()) cmd := exec.Command(os.Args[2], os.Args[3:]...) cmd.Stdin = os.Stdin cmd.Stderr = os.Stderr cmd.Stdout = os.Stdout must(syscall.Chroot("/home/rootfs")) must(os.Chdir("/")) must(syscall.Mount("proc", "proc", "proc", 0, "")) must(cmd.Run()) } TODO Need a new root filsystem w/ empty /proc directory

22.

23. ● ✔ ● ✔ ● ● ✔ ● ●

24. ● ● ● ●

25. ● ● ●

26. ● ● ●

27. Source: https://docs.docker.com/engine/understanding-docker/ https://coreos.com/rkt/docs/latest/rkt-vs-other-projects.html#rkt-vs-docker

28. docker ecosystem

29. Source: https://github.com/nkhare/container-orchestration/blob/master/kubernetes/README.md

30. GKE DigitalOcean k8s

31. CNCF (cloud native computing foundation)

32. Questions?

33. ● ● , Julien Friedman ● My demo code - @si74 on github ● An overview of the docker ecosystem