From 36b8eb3ce55602bcf36199330e98f2e154225cf7 Mon Sep 17 00:00:00 2001
From: Stefano Brivio <sbrivio@redhat.com>
Date: Tue, 25 Oct 2022 15:19:55 +0200
Subject: seitan: Initial import

Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
---
 README.md | 39 +++++++++++++++++++++++++++++++++++++++
 1 file changed, 39 insertions(+)
 create mode 100644 README.md

(limited to 'README.md')

diff --git a/README.md b/README.md
new file mode 100644
index 0000000..048b30f
--- /dev/null
+++ b/README.md
@@ -0,0 +1,39 @@
+<style>
+.markdown-body {
+  display: block;
+  font-family: Roboto Mono, monospace;
+  font-weight: 200;
+  font-size: 13pt;
+  line-height: 1.5;
+}
+
+div > ul {
+  float: left;
+}
+</style>
+
+<img src="/static/seitan.svg" alt="seitan diagram"
+ style="object-fit: contain; width: 70%; float: left">
+
+* **build-filter**
+    * build BPF binary-search tree
+
+* **build-table**
+    * build transformation table
+
+* **seitan-loader**
+    * load BPF blob
+    * attach filter
+    * call blocking syscall
+    * on return, start binary
+
+* **seitan**
+    * load transformation table blob
+    * listen to netlink proc connector
+    * look for seitan-loader, once found:
+    * get seccomp notifier via pidfd_getfd()
+    * listen to it, new syscall:
+        * look up in transformation table
+        * load args from memory
+        * execute transformation, unblock, or block
+        * return, optionally injecting context
-- 
cgit v1.2.3