Posts

Research Project Process Isolation Wrote an OCaml binding for the clone3 syscall (clone_shim.ml/clone3_stub.c). Some decisions made to make this feel a bit higher level: List of flags rather than ORed together numbers. Options used where helpful. Looked into using an OCaml callback, but of course this doesn’t work (as expected - OCaml didn’t like Multicore!). Currently execve’s a specific binary (/bin/sh), but should be easy to extend. Tricky to know sometimes what to put in C and what to put in OCaml....

Research Project Process Isolation Setup a Fedora testing VM for easier and consistent testing. Fedora 35 uses pure cgroups2 by default - very useful! Sorted out backups for the repo and the above machine. Chose a testing framework for C enabling testing of the assertions to build the project upon. Used Unity. Simple and the examples show that it doesn’t do much beyond the minimum - important for this low level code with syscalls....