Skip to content

Instantly share code, notes, and snippets.

View giuseppe's full-sized avatar

Giuseppe Scrivano giuseppe

386 followers · 0 following
View GitHub Profile
@giuseppe
giuseppe / sparse_file_writer.go
Last active February 20, 2024 12:16
PoC create a sparse file
package main
import (
"bytes"
"errors"
"io"
"os"
)
type state int
@giuseppe
giuseppe / retrieve_overlay_origin_file.c
Created May 30, 2023 14:37
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/syscall.h>
#include <sys/sysmacros.h>
#include <sys/xattr.h>
#include <unistd.h>
@giuseppe
giuseppe / io_uring_chcon.c
Created December 10, 2021 10:29
/*
* io_uring_chcon.c
*
* Copyright (C) 2021 Giuseppe Scrivano <giuseppe@scrivano.org>
* io_uring_chcon is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* io_uring_chcon is distributed in the hope that it will be useful,
@giuseppe
giuseppe / go.mod
Created July 6, 2020 19:43
systemd inhibit PoC
module inhibit
go 1.13
require (
github.com/godbus/dbus/v5 v5.0.3
)
@giuseppe
giuseppe / sync-ebpf.py
Created May 8, 2020 15:37
#!/usr/bin/python3
#
# profile *sync* syscalls.
#
# Based on existing programs that have these copyrights:
# Copyright (c) 2015 Brendan Gregg.
# Licensed under the Apache License, Version 2.0 (the "License")
#
# 13-Aug-2015 Brendan Gregg Created this.
# 19-Feb-2016 Allan McAleavy migrated to BPF_PERF_OUTPUT
@giuseppe
giuseppe / Makefile
Last active September 14, 2019 16:20
fuse-overlayfs shared storage
# All files must be copied under the fuse-overlayfs root source directory
all: test-plugin.so convert
test-plugin.so:
gcc -fPIC -I $(pwd) -shared -o test-plugin.so test-plugin.c utils.c
convert:
gcc convert.c -o convert
@giuseppe
giuseppe / notes.md
Created July 5, 2019 20:52
Note for cgroups v2 Kubernetes

Enable cgroups v2

# grubby --update-kernel=ALL --args="systemd.unified_cgroup_hierarchy=1"
# cat /etc/systemd/system/enable-cgroups.service 
[Service]
ExecStart=/bin/sh -c 'echo "+io +cpu +memory +pids +cpuset" > /sys/fs/cgroup/cgroup.subtree_control; mkdir /sys/fs/cgroup/user.slice; echo "+io +cpu +memory +pids +cpuset" > /sys/fs/cgroup/user.slice/cgroup.subtree_control'
Type=oneshot

[Install]
WantedBy=multi-user.target
@giuseppe
giuseppe / local_k8s_crio.sh
Created July 4, 2019 12:54
local k8s CRI-O
#!/bin/bash -e
set -x
set -u
IP=$(hostname -I | cut -d' ' -f1)
echo "Using IP: $IP"
export GOPATH=/home/gscrivano/src/gopath
export PATH=$PATH:$GOPATH/bin:$GOPATH/src/k8s.io/kubernetes/third_party/etcd:$GOPATH/src/k8s.io/kubernetes/_output/local/bin/linux/amd64/
export FEATURE_GATES="AllAlpha=false,RunAsGroup=true"
export CONTAINER_RUNTIME=remote
export CGROUP_DRIVER=systemd
@giuseppe
giuseppe / build.rs
Created June 16, 2019 22:02
crun rust hooks
use std::env;
use std::process::Command;
use std::path::Path;
fn main() {
let out_dir = env::var("OUT_DIR").unwrap();
Command::new("make").current_dir(&Path::new("../..")).arg("install").arg(&format!("DESTDIR={}", out_dir)).status().unwrap();
println!("cargo:rustc-link-search=native={}/usr/local/lib", out_dir);
println!("cargo:rustc-link-lib=static=crun");
println!("cargo:rustc-link-lib=yajl");
@giuseppe
giuseppe / podman_runc_crun.md
Last active April 10, 2024 22:38
runc vs crun performance

running Podman as root

runc

[root@fedora-s-4vcpu-8gb-fra1-01 ~]# for i in {1..10}; do /usr/bin/time -f%e podman \
    --runtime /usr/bin/runc run --rm alpine true; done 2>&1 | sort
1.10
1.10
1.10