Framework design upload
18
linux/mapping.md
Normal file
@@ -0,0 +1,18 @@
|
||||
# Linux mapping notes (draft)
|
||||
|
||||
## Isolation domains
|
||||
- namespaces (pid, net, mount, user) + cgroups.
|
||||
|
||||
## Capabilities / sandbox
|
||||
- seccomp for syscall filtering
|
||||
- LSM (AppArmor/SELinux/Landlock) for policy enforcement
|
||||
- ambient capabilities should be avoided; prefer explicit capability passing.
|
||||
|
||||
## Eventing
|
||||
- epoll + structured logs
|
||||
- optional auditd hooks
|
||||
|
||||
## Resource control
|
||||
- cgroups for CPU/memory/IO
|
||||
- accelerator scheduling will depend on driver/runtime stack
|
||||
|
||||
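Review bot: In the "Capabilities / sandbox" section, the bullet "ambient capabilities should be avoided; prefer explicit capability passing" mixes two meanings of "capability" and should say which one is intended. On Linux, "ambient capabilities" names a specific per-thread capability set that is preserved across execve, while "explicit capability passing" reads as object-capability language, for which the usual Linux mapping is passing file descriptors; suggest naming the concrete mechanism for each half of the sentence. The same section lists seccomp and Landlock without noting that unprivileged use of both requires no_new_privs to be set first, which belongs in a mapping document. The "Isolation domains" bullet names only pid, net, mount and user namespaces, so it is worth stating whether ipc, uts and cgroup namespaces are deliberately out of scope or just not yet listed in this draft.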