Welcome to the Linux Foundation Forum!

How does eBPF-based tools like tracee interact with container runtimes like gVisor

Posts: 1
edited February 16 in LFS260 Class Forum

Hello everyone, so,
the way I understand eBPF is that they're programs that extend the kernel enabling event-based actions on specified system calls.
gVisor on the other hand, works by intercepting system calls, isolating the container app and itself from the host.

So tracee works analyzing system calls on the host and gVisor works by intercepting them. So does one exclude the other?
Should I choose one over the other or should I implement both even though tracee wont really be getting the system calls from inside the containers?

Welcome!

It looks like you're new here. Sign in or register to get started.
Sign In

Welcome!

It looks like you're new here. Sign in or register to get started.
Sign In

Categories

Upcoming Training