Hacker News
by dilyevsky 1062 days ago
Yes, it's a gVisor feature. They basically utilize the SCM_RIGHTS[0] Linux API to open files from the gofer process outside of the sandbox and then pass opened fds into the sandbox.
[0] - https://blog.cloudflare.com/know-your-scm_rights/
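The fd-passing pattern described in the comment above, as an added example that is not part of the original post and is not gVisor's code: a parent process stands in for the gofer, opens a file read-only and passes the descriptor over a Unix socket with SCM_RIGHTS; a forked child stands in for the sandbox (it is not actually sandboxed here) and uses the file without ever calling open(). The names `send_fd`, `recv_fd`, `demo` and the temp-file path are assumptions made for the illustration.

```c
#include <fcntl.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

typedef union { struct cmsghdr hdr; char buf[CMSG_SPACE(sizeof(int))]; } fd_cmsg;
/* Broker side: attach one open descriptor as SCM_RIGHTS ancillary data. */
static int send_fd(int sock, int fd) {
    char byte = 0; struct iovec iov = { &byte, 1 }; fd_cmsg u = { .buf = {0} };
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
                          .msg_control = u.buf, .msg_controllen = sizeof u.buf };
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
    c->cmsg_level = SOL_SOCKET; c->cmsg_type = SCM_RIGHTS; c->cmsg_len = CMSG_LEN(sizeof fd);
    memcpy(CMSG_DATA(c), &fd, sizeof fd);
    return sendmsg(sock, &msg, 0) == 1 ? 0 : -1;
}
/* Receiver side: returns the new descriptor, or -1 if none was attached. */
static int recv_fd(int sock) {
    char byte; int fd = -1; struct iovec iov = { &byte, 1 }; fd_cmsg u;
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
                          .msg_control = u.buf, .msg_controllen = sizeof u.buf };
    if (recvmsg(sock, &msg, 0) != 1) return -1;
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
    if (!c || c->cmsg_level != SOL_SOCKET || c->cmsg_type != SCM_RIGHTS) return -1;
    memcpy(&fd, CMSG_DATA(c), sizeof fd);
    return fd;
}
/* Returns 0 if the child read the file through the passed fd and its write was refused. */
int demo(void) {
    char path[] = "/tmp/scm_rights_demo_XXXXXX", buf[6];   /* constructed sample file */
    int sv[2], st, tmp = mkstemp(path);
    if (tmp < 0 || write(tmp, "secret", 6) != 6 || close(tmp)) return -1;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv)) return -1;
    pid_t pid = fork();
    if (pid == 0) {                      /* receiver: never calls open() itself */
        close(sv[0]);
        int fd = recv_fd(sv[1]);
        _exit(!(fd >= 0 && read(fd, buf, 6) == 6 && !memcmp(buf, "secret", 6)
                && write(fd, "x", 1) == -1));   /* broker opened it O_RDONLY */
    }
    int fd = open(path, O_RDONLY);       /* broker: opens after fork, so nothing is inherited */
    int rc = send_fd(sv[0], fd);
    close(fd); close(sv[0]); close(sv[1]); unlink(path);
    if (pid < 0 || waitpid(pid, &st, 0) < 0 || rc) return -1;
    return WIFEXITED(st) ? WEXITSTATUS(st) : -1;
}
int main(void) { return demo(); }
```

The access mode belongs to the open file description, so the receiver gets exactly the rights the broker chose at open() time, and the path can be unlinked or unreachable on the receiving side.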