Calling OPA from eBPF, Through WASM, in the Kernel #3300
hpvd
started this conversation in
Development
Replies: 2 comments
-
|
just a screen as quick appetizer:
|
Beta Was this translation helpful? Give feedback.
0 replies
-
|
just noticed there is also the discussion area active for this repo. So this issue could probably be moved there... |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Just stumbled across this and found it pretty interesting as input for tracees architecture...
Calling OPA from eBPF, Through WASM, in the Kernel? You've Gone Mad! - Nandor Kracser, Cisco:
eBPF runs in Linux kernel space, and there were already some experiments to run WASM there as well, but why not use both there to help each other? eBPF is a trusted and sandboxed environment, WASM promises the same (we will see!), what can go wrong? In this presentation, Nandor will show how they ported an existing WASM virtual machine into kernel space, found out they can run OPA inside it, then exposed the whole thing to call it from eBPF.
https://www.youtube.com/watch?v=JSKNch6piyY
https://github.com/cisco-open/wasm-kernel-module
What do you think?
Beta Was this translation helpful? Give feedback.
All reactions