A Curious Thing

by Thomas Orozco

Avid learner. Enthusiast Programmer. Aspiring Writer.

Read this first

Can it fork?

It’s a well-known fact that Linux (by default) overcommits memory, meaning that allocating memory via e.g. malloc practically never fails (this behavior is configurable via the vm.overcommit_memory sysctl knob).

This is possible because Linux doesn’t actually allocate any physical memory when a process requests some (e.g. via a mmap system call). Instead, it just records that the allocation happened in a Kernel data structure, and returns an address the process can use to access this memory later on. The first time (if ever) a process attempts to access memory it allocated, the Linux Kernel will attempt to allocate physical memory for it.

A bit on naming (this will matter later in this post): the entirety of the memory that was allocated by a process (regardless of whether it was ever accessed and is therefore backed by physical memory) is called virtual memory.

The upside of this

Continue reading →

A Deep Dive into the SIGTTIN / SIGTTOU Terminal Access Control Mechanism in Linux

From an end-user perspective, the TTY system in Linux (or any POSIX-like OS) is both functional and intuitive. For example, the input you type in usually goes to the process you expect it to go to, CTRL+Z usually suspends the process you expect to see suspended, CTRL+C usually interrupts the process you expect to see interrupted, and so on.

However, from an application developer perspective, things are… hairier! There’s a lot to say, but this blog post will focus specifically SIGTTOU / SIGTTIN mechanism, which is essentially how POSIX implements access control to TTY functionality, e.g. ensuring that background processes don’t inadvertently read input that isn’t destined for them.

This mechanism is both complex and sparsely documented (there are a few references in the Linux credentials man page and the Bash documentation, but nothing comprehensive). This post is my attempt at fixing

Continue reading →

Getting A First Patch Into Docker

A few weeks ago, I was hitting what seemed like a weird bug using Docker. My use case was fairly off the beaten path, so I wasn’t overly surprised when it turned out to be a bug in Docker itself.

Now, fortunately, this post isn’t a rant about how there was a bug in Docker!

Instead, it’s about relating my experience getting a first patch into Docker to fix said bug, and sharing a few tips for others that might want to do the same. In other words, you can hope to learn a little about Docker’s architecture, and about hacking on Docker itself.

Now, I should preface this by saying that prior to this episode I was largely oblivious to Docker’s implementation, and that my familiarity with Go (Docker’s implementation language) was quite limited. So, even if you have have never browsed the Docker codebase, and only know a thing or two about Go, this post should still be easy to follow!


Continue reading →