Jake's Weekly - 17th Jan 2022
Research Project

Process Isolation

Wrote an OCaml binding for the clone3 syscall (clone_shim.ml/clone3_stub.c). Some decisions made to make this feel a bit higher level:

- List of flags rather than ORed together numbers.
- Options used where helpful.

Looked into using an OCaml callback, but of course this doesn’t work (as expected - OCaml didn’t like Multicore!). Currently execve’s a specific binary (/bin/sh), but should be easy to extend. Tricky to know sometimes what to put in C and what to put in OCaml....