Understanding File System Operations of a Secure Container Runtime Using System Call Tracing Technique

This letter presents a technique that observes system call mapping behavior of the proxy kernel layer of secure container runtimes. We applied it to file system operations of a secure container runtime, gVisor. We found that gVisor's operations can become more expensive than the native by 48× m...

Ausführliche Beschreibung

Bibliographische Detailangaben

Veröffentlicht in:	IEICE Transactions on Information and Systems 2024/02/01, Vol.E107.D(2), pp.229-233
Hauptverfasser:	JANG, Sunwoo, SUH, Young-Kyoon, TAK, Byungchul
Format:	Artikel
Sprache:	eng
Schlagworte:	Containers gVisor secure container runtime system call
Online-Zugang:	Volltext
Tags:	Tag hinzufügen Keine Tags, Fügen Sie den ersten Tag hinzu!