Understanding File System Operations of a Secure Container Runtime Using System Call Tracing Technique

Bibliographic Details
Published in: IEICE Transactions on Information and Systems 2024/02/01, Vol.E107.D(2), pp.229-233
Main authors: JANG, Sunwoo, SUH, Young-Kyoon, TAK, Byungchul
Format: Article
Language: eng
Description
Summary: This letter presents a technique that observes system call mapping behavior of the proxy kernel layer of secure container runtimes. We applied it to file system operations of a secure container runtime, gVisor. We found that gVisor's operations can become more expensive than the native by 48× more syscalls for open, and 6× for read and write.
ISSN: 0916-8532, 1745-1361
DOI: 10.1587/transinf.2023EDL8039