Forwarding Syscalls to Userspace

Explore a kernel patchset for forwarding syscalls to userspace in this 23-minute conference talk from linux.conf.au. Learn how this development allows containers to safely perform actions previously restricted to root on the host, such as loading kernel modules and mounting arbitrary filesystems. Discover the implementation details, including the use of ptrace and the Fineman algorithm, and understand the potential impact on container security and functionality. Gain insights into the challenges and issues faced during implementation, and see practical examples of how this technology can bridge the gap between container and host capabilities.

Intro
Load kernel modules
Mounting from inside containers
File systems
Ptrace
Fineman algorithm
P trace
Do stuff
Example
Implementation Issues