In the document for gVisor, it is explained that "the sentry stores the effective mapping from virtual address to host file in a host VMA by invoking the mmap system call", so that the containerized application process has the information it needs to translate and access the virtual address it requested.
Here the sentry refers to the hypervisor process that is ptrace-ing the containerized child application process it spawns.
My question is, how exactly does the sentry call mmap() for the application process? If it is calling from its own process, doesn't this modify its own VMA table instead of that of the application process?