"Let's hook up !" ~ said every LD_PRELOAD ever 🪝⚙️
In the last entry, I explored mirrord on a very surface level. I mirrored a local process into Kubernetes using the `mirrord exec` command and explored the mirrord-agent to get a basic understanding of the environment in which the mirrored process ran. This entry continues from the last time where we left off in trying to understand the inner workings of mirrord.
Last time we ran mirrord in Targetless Mode. We ran a curl command through mirrord for it to get mirrored to the context of a Kubernetes cluster. We were then able to access the ClusterIP echo-server Service which wasn’t exposed.
The environment in which the mirrored process (mirrored by mirrord) runs is made possible by Linux Capabilities. We only scratched the surface last time and didn’t get to exactly see how they manifest themselves in a Pod. We learnt a little about the Linux Capabilities through the documentation, but, we didn’t see them in action.
To see them in action we need to use mirrord in the Targeted Mode. In this case, mirrord is going to run the process locally and then use mirrord-layer to hook the execution of the libc functions. Then it will listen for the traffic/output of the mirrored process in the mirrord-agent and route the information to the mirrord-layer which will pass the information onto the hooked/replaced/detoured (can be used interchangably) libc functions.
