get_mempolicy() retrieves the NUMA policy of the calling process or of a memory address, depending on the setting offlags. A NUMA machine has different memory controllers with different distances to specific CPUs. The memory policy defines from which node memory is allocated for the process. If...
{ LinuxSyscall: specs.LinuxSyscall{ Names: []string{ "get_mempolicy", "mbind", "set_mempolicy", }, Action: specs.ActAllow, }, Includes: &Filter{ Caps: []string{"CAP_SYS_NICE"}, }, }, The containerd profile does not seem to contain the syscalls above. https://github.com/containe...
安全研究Security Research 你的漏洞管理程序是有效并成功的吗? http://t.cn/E2A7IDX gVisor提权 http://t.cn/E2A7IsH 如何攻击,保护软件定义网络(SDN)? http://t.cn/E2AzmsR WebAssembly介绍 http://t.cn/E2A7M7c 本文由360CERT热点播报原创发布 ...
Cherry pick #70900 to 24.10: make numactl respect EPERM error, when get_mempolicy is is restricted by seccomp commented Original pull-request#70900 This pull-request is a first step of an automated backporting. It contains changes similar to callinggit cherry-picklocally. If you intend to conti...