Tutorial

☂️ Intro When your code includes a suite of unit tests, code coverage is an important metric to measure the test effectiveness and it’s rather easy to obtain; there are plenty of tools around. Image credits to: Nataliya Vaitkevich On the other hand, often we also need to do integration or E2E testing, as in our QA journey we are mostly running real world programs instead of single well-chosen functions. Let’s start with a basic use case, and prepare a simple program tailored for this purpose. ...

💭 What ? Imagine a web server that only starts when someone actually tries to access it. Or a database that spins up only when a query comes in: this is the magic of socket activation. The concept is not new, as old-school sysadmins may are used to see something like inetd or xinetd for on-demand service activation in the past. As some cool projects like cockpit have already started using this little-known feature, in this blog post we’ll see the basics and try to get familiarity with the tooling. ...

👣 Intro Tracing tools are pretty popular in the Unix/Linux ecosystem; for example in the userspace we have ltrace to trace library calls of the programs and strace to dive in deeper and inspect syscall usage. One of the many features that Linux kernel offers since 2008 (then evolved) is ftrace that allows many different kind of tracing at runtime. While not as flexible as eBPF technology, it can be helpful in some occasion and doesn’t require a full fledged programming language. ...

🔐 Intro As an experienced sysadmin, you might be familiar with the traditional “all-or-nothing” approach: if a shell or process is running with UID==0, it can do almost everything on a system; while a plain user process is restricted by some means: tipically it can’t open RAW sockets, can’t bind “privileged” ports under 1024, can’t change a file ownership and so on. Linux capabilities is a feature, gradually introduced starting from kernel 2.2, that permits a more fine-grained control over privileged operations, breaking the traditional binary root/non-root distinction. Just as by using sudo we can run specific commands as another user (even root), without permanently becoming that user, by using capabilities, we can grant a program only certain privileges without having to run it as root. ...