<style>
.markdown-body {
display: block;
font-family: Roboto Mono, monospace;
font-weight: 200;
font-size: 13pt;
line-height: 1.5;
}
div > ul {
float: left;
}
</style>
<img src="/static/seitan.svg" alt="seitan diagram"
style="object-fit: contain; width: 70%; float: left">
* **build-filter**
  * build BPF binary-search tree
* **build-table**
  * build transformation table
* **seitan-eater**
  * load BPF blob
  * attach filter
  * call blocking syscall
  * on return, start binary
* **seitan**
  * load transformation table blob
  * listen to netlink proc connector
  * look for seitan-eater, once found:
    * get seccomp notifier via pidfd_getfd()
    * listen to it, new syscall:
      * look up in transformation table
      * load args from memory
      * execute transformation, unblock, or block
      * return, optionally injecting context
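How a generator like **build-filter** can lay out its search tree, as an added example rather than seitan's own code: a sorted list of syscall numbers becomes a chain of `BPF_JGE` splits ending in `BPF_JEQ` leaves, with an architecture check in front, and a small user-space cBPF interpreter runs the result before it ever reaches `seccomp(2)`. The syscall numbers (x86_64 ABI) and the `AUDIT_ARCH_X86_64` target are assumptions made for the demo.

```c
/* Added example, not seitan's own code: a build-filter style generator that
 * turns sorted syscall numbers into a seccomp-BPF binary-search tree, plus a
 * user-space cBPF interpreter to check the program before handing it over. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#define DEMO_ARCH AUDIT_ARCH_X86_64	/* assumption: the filter targets x86_64 */
/* Constructed input: x86_64 numbers of open, socket, bind, mkdir, openat, clone3 */
static const uint32_t demo_nrs[] = { 2, 41, 49, 83, 257, 435 };
#define DEMO_COUNT (sizeof(demo_nrs) / sizeof(demo_nrs[0]))
static struct sock_filter prog[512];
static unsigned int prog_len;

static void emit(uint16_t code, uint8_t jt, uint8_t jf, uint32_t k)
{
	if (prog_len >= sizeof(prog) / sizeof(prog[0]))
		abort();	/* out of room for the program */
	prog[prog_len++] = (struct sock_filter){ code, jt, jf, k };
}

/* Number of instructions gen() emits for a run of n entries */
static unsigned int tree_size(unsigned int n)
{
	if (n <= 1)
		return n ? 3 : 1;	/* JEQ + two RETs, or a lone RET ALLOW */
	return 1 + tree_size(n - n / 2) + tree_size(n / 2);
}

/* Emit the subtree for nr[lo..hi); accumulator A already holds the syscall nr */
static void gen(const uint32_t *nr, unsigned int lo, unsigned int hi)
{
	unsigned int n = hi - lo, mid = lo + n / 2, skip;
	if (n == 0) {
		emit(BPF_RET | BPF_K, 0, 0, SECCOMP_RET_ALLOW);
		return;
	}
	if (n == 1) {
		emit(BPF_JMP | BPF_JEQ | BPF_K, 0, 1, nr[lo]);
		emit(BPF_RET | BPF_K, 0, 0, SECCOMP_RET_USER_NOTIF);
		emit(BPF_RET | BPF_K, 0, 0, SECCOMP_RET_ALLOW);
		return;
	}
	skip = tree_size(hi - mid);	/* right subtree length; jf is only 8 bits */
	if (skip > 255)
		abort();
	/* A >= nr[mid]: fall into the right half; otherwise jump over it to the left */
	emit(BPF_JMP | BPF_JGE | BPF_K, 0, (uint8_t)skip, nr[mid]);
	gen(nr, mid, hi);
	gen(nr, lo, mid);
}

/* Arch check, load nr, search tree. Returns the length, or 0 if nr[] is not ascending */
static unsigned int build_filter(const uint32_t *nr, unsigned int count)
{
	for (unsigned int i = 1; i < count; i++)
		if (nr[i] <= nr[i - 1])
			return 0;	/* binary search needs strictly ascending input */
	prog_len = 0;
	emit(BPF_LD | BPF_W | BPF_ABS, 0, 0, offsetof(struct seccomp_data, arch));
	emit(BPF_JMP | BPF_JEQ | BPF_K, 1, 0, DEMO_ARCH);
	emit(BPF_RET | BPF_K, 0, 0, SECCOMP_RET_KILL_PROCESS);
	emit(BPF_LD | BPF_W | BPF_ABS, 0, 0, offsetof(struct seccomp_data, nr));
	gen(nr, 0, count);
	return prog_len;
}

/* Run the built filter on one (arch, nr) pair with a cBPF interpreter covering
 * just the forms emitted above; returns the SECCOMP_RET_* action or UINT32_MAX */
static uint32_t classify(uint32_t arch, uint32_t nr)
{
	struct seccomp_data d = { .nr = (int)nr, .arch = arch };
	const unsigned char *mem = (const unsigned char *)&d;
	unsigned int pc = 0;
	uint32_t A = 0;
	while (pc < prog_len) {
		const struct sock_filter *in = &prog[pc++];
		if (in->code == (BPF_LD | BPF_W | BPF_ABS) && in->k + 4 <= sizeof(d))
			memcpy(&A, mem + in->k, 4);
		else if (in->code == (BPF_JMP | BPF_JEQ | BPF_K))
			pc += A == in->k ? in->jt : in->jf;
		else if (in->code == (BPF_JMP | BPF_JGE | BPF_K))
			pc += A >= in->k ? in->jt : in->jf;
		else if (in->code == (BPF_RET | BPF_K))
			return in->k & SECCOMP_RET_ACTION_FULL;
		else
			return UINT32_MAX;	/* not in the subset we emit: malformed */
	}
	return UINT32_MAX;	/* fell off the end: also malformed */
}

int main(void)
{
	unsigned int len = build_filter(demo_nrs, DEMO_COUNT);
	printf("%u instructions; nr 41 -> %#x, nr 42 -> %#x\n", len,
	       classify(DEMO_ARCH, 41), classify(DEMO_ARCH, 42));
	return 0;
}
```

The interpreter deliberately accepts only the four instruction forms the generator emits and reports anything else as malformed, which is the right default for a program that will run in the kernel. cBPF jump offsets are 8-bit, so `gen()` aborts on a right subtree longer than 255 instructions instead of silently wrapping; for the six demo entries the whole program is 27 instructions.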