Framework design upload
3
linux/README.md
Normal file
@@ -0,0 +1,3 @@
|
||||
# Linux mapping
|
||||
|
||||
See `mapping.md`.
|
||||
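Review bot: The README body is only "See `mapping.md`.", so the heading "# Linux mapping" never says what is being mapped onto Linux. Suggest adding one sentence that names the framework concepts this directory maps, and making the reference a relative Markdown link so it resolves when browsing the repository.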
18
linux/mapping.md
Normal file
@@ -0,0 +1,18 @@
|
||||
# Linux mapping notes (draft)
|
||||
|
||||
## Isolation domains
|
||||
- namespaces (pid, net, mount, user) + cgroups.
|
||||
|
||||
## Capabilities / sandbox
|
||||
- seccomp for syscall filtering
|
||||
- LSM (AppArmor/SELinux/Landlock) for policy enforcement
|
||||
- ambient capabilities should be avoided; prefer explicit capability passing.
|
||||
|
||||
## Eventing
|
||||
- epoll + structured logs
|
||||
- optional auditd hooks
|
||||
|
||||
## Resource control
|
||||
- cgroups for CPU/memory/IO
|
||||
- accelerator scheduling will depend on driver/runtime stack
|
||||
|
||||
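Review bot: Under "## Capabilities / sandbox", the bullet "ambient capabilities should be avoided; prefer explicit capability passing" is ambiguous, because on Linux "ambient capabilities" is a specific set defined in capabilities(7), while "explicit capability passing" reads like the object-capability sense (handing over file descriptors or handles). Suggest saying which is meant, and if it is the Linux capability set, stating the intended rule for the ambient, inheritable and bounding sets across exec. Two smaller gaps in the same hunk: the seccomp bullet should note that an unprivileged process has to set no_new_privs before it can install a filter, and the namespace list under "## Isolation domains" ("pid, net, mount, user") should say whether ipc, uts and cgroup namespaces are deliberately left out. In "## Eventing", "optional auditd hooks" should say what remains the authoritative security log when auditd is not enabled.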
0
linux/notes/.keep
Normal file