Advanced Programming in the Unix Environment
The entire semester in one 157 slides deck: https://stevens.netmeister.org/631/f25.pdf
Full playlist on youtube of all 72 video lectures: https://www.youtube.com/watch?v=BsB9Cg6yJc4&list=PL0qfF8MrJ-jxMfirAdxDs9zIiBg2Wug0z
Advanced Programming in the Unix Environment
Week 13: Restricting Processes: Capabilities, Control Groups, Containers
In this video lecture, we're completing our discussion on how to restrict processes by looking at POSIX Capabilities, Linux Namespaces and Control Groups or "cgroups", and how these and the various other methods we've discussed in the last few videos allow us build containers like Docker or LXC.
Advanced Programming in the Unix Environment
Week 13: Restricting Processes: Processor Affinity and CPU Sets
In this video lecture, we discuss how we can restrict a process to a specific CPU or set of CPUs by way of "CPU pinning" or processor affinity and via CPU sets.
This lecture also exists as a blog post version as well:
https://www.netmeister.org/blog/cpu-pinning-and-sets.html
Advanced Programming in the Unix Environment
Week 13: Restricting Processes: Process Priorities
In this video lecture, we revisit resource utilization by processes and how to set their CPU scheduling priority or "niceness". We discuss dynamic priority scheduling algorithms and the use of the nice(1) and renice(8) utilities.
Advanced Programming in the Unix Environment
Week 13: Restricting Processes: Restricted shells, Chroots, Jails
In this video lecture, we cover restricted shells, the chroot(2) syscall, and FreeBSD jails as ways to contain users and processes beyond file access controls.
Advanced Programming in the Unix Environment
Week 13: Restricting Processes: eUIDs, file flags, mount options, securelevels
In this video lecture, we look at new ways to restrict processes and even root itself. We revisit how we change effective UIDs using setuid, su(1) and sudo(8), and then cover file flags, certain mount options, and BSD securelevels.
Advanced Programming in the Unix Environment
Week 13: Restricting Processes: POSIX ACLs
This week we're diving deeper into ways to restrict processes. We begin with a review of standard Unix file permissions and then show how POSIX.1e Access Control Lists (ACLs) can be used for more fine-grained control.
Advanced Programming in the Unix Environment
Week 12: Cryptographic Basics
A segment on where and how cryptography can help solve certain security issues, including a few code examples for how to handle secrets/passwords (and how they linger in memory!), how to hash passwords, and the impact of poor pseudo-random number generators (with a blast from the past via the 2008 Debian weak keys).
Lecture slides:
https://stevens.netmeister.org/631/12-cryptobasics.pdf
Advanced Programming in the Unix Environment
Week 12: Asynchronous and Memory Mapped I/O
With this video, we conclude our short series on advanced I/O topics with a quick summary of asynchronous (aio(7)) and memory mapped I/O (mmap(2)).
Advanced Programming in the Unix Environment
Week 12: Resource Locking
More miscellaneous "advanced I/O" - this time we discuss resource- and record locking using flock(2), lockf(3), and fcntl(2).
Jan Schaumann