Advances, Systems and Applications
Table 1 Example cases of unexplored operations that do not belong to normal execution paths. Each case exceptionally appears under specific conditions, not simple benchmarks or training. The above system calls are required to perform the required operation successfully
From: Optimus: association-based dynamic system call filtering for container attack surface reduction
Container Image | Operation that rarely occurs | Required system calls | Reason to invoke system calls |
|---|---|---|---|
PostgreSQL | Memory Buffer Bloating | mremap | To resize memory space for transaction logs and caching |
Nginx | Configuration Reload | lstat | To confirm and parsing the new configuration file |
| Â | Â | umask | To open log files and new sockets |
| Â | Â | getpgrp | To obtain the PGID of the old worker processes |
| Â | Â | kill | To send the SIGTERM signal to the old worker processes |
Nginx | Cache Purging | unlink | To delete the old cached files |
Apache Httpd | Server Reconfiguration | dup2 | To duplicate the file descriptor of the dummy socket |
| Â | Â | sysinfo | To get available memory/swap space size |
| Â | Â | getpgrp | To obtain the PGID of the old worker processes |
| Â | Â | kill, tgkill | To send the SIGTERM signal to the old worker processes |