aboutgitcodelistschat:MatrixIRC
path: root/README.md
blob: b23e2e88ff7a7066d29989903f3fff5f342fd38e (plain) (tree) 
37e94bd






36b8eb3















59968e8

36b8eb3







9b2dd57

36b8eb3








9b2dd57

36b8eb3






1
2
3
4
5
6

7
8
9
10
11
12
13
14
15
16
17
18
19
20
21

22

23
24
25
26
27
28
29

30

31
32
33
34
35
36
37
38

39

40
41
42
43
44
45






                                           














                                                  
                                                      






                                  
                  







                                      
                                        





                                                   
<!---
SPDX-License-Identifier: GPL-2.0-or-later
Copyright (c) 2023 Red Hat GmbH
Author: Stefano Brivio <sbrivio@redhat.com>
-->

<style>
.markdown-body {
  display: block;
  font-family: Roboto Mono, monospace;
  font-weight: 200;
  font-size: 13pt;
  line-height: 1.5;
}

div > ul {
  float: left;
}
</style>

<img src="/static/seitan.svg" alt="seitan diagram"
 style="object-fit: contain; width: 50%; float: left">

* **build-filter**
    * build BPF binary-search tree

* **build-table**
    * build transformation table

* **seitan-eater**
    * load BPF blob
    * attach filter
    * call blocking syscall
    * on return, start binary

* **seitan**
    * load transformation table blob
    * listen to netlink proc connector
    * look for seitan-eater, once found:
    * get seccomp notifier via pidfd_getfd()
    * listen to it, new syscall:
        * look up in transformation table
        * load args from memory
        * execute transformation, unblock, or block
        * return, optionally injecting context
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-05 15:54:58 +0000