This repository has been archived by the owner on Jun 7, 2020. It is now read-only.
Maintain dazukofs for later kernel releases
License
twiddern/dazukofs-linux3.6
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Folders and files
| Name | Name | Last commit message | Last commit date | |
|---|---|---|---|---|
Repository files navigation
================
ABOUT DAZUKOFS
================
DazukoFS is a stackable filesystem to allow userspace applications to
perform online file access control. It was originally developed to
support online virus scanners, but could be useful for any application
that wishes to perform online file access control.
NOTE: DazukoFS is completely separate from Dazuko. DazukoFS uses a
different interface and different devices than Dazuko. It is
possible to use Dazuko and DazukoFS at the same time since
they do not share any code or resources. However, DazukoFS
is meant to replace Dazuko as an online file access control
solution.
=================
BUILD / INSTALL
=================
Below are brief instructions to get DazukoFS compiled and running on a
system with a Linux 2.6.36 kernel. You may need to manually adjust the
Makefile if you kernel sources are not in the default location.
(Patches are provided for various other kernels. See the section below
titled "PATCHING" for more information.)
compile the kernel module
# make
install the kernel module
# make dazukofs_install
load the kernel module
# modprobe dazukofs
verify that the module is loaded
# dmesg | grep dazukofs
create a playground to test DazukoFS
# mkdir /tmp/dazukofs_test
mount DazukoFS over the playground
# mount -t dazukofs /tmp/dazukofs_test /tmp/dazukofs_test
verify that DazukoFS is mounted
# mount | grep dazukofs
unmount DazukoFS
# umount /tmp/dazukofs_test
==========
PATCHING
==========
In the "patches" directory there are patches available to modify the
DazukoFS code to fit various other kernels. For example, if you are
running openSUSE 11.1 you can patch the code with the following
command:
$ patch -p1 < patches/patch-opensuse-11.1
There should not be any errors. If there are errors, then the patch
is broken and should be reported on the dazuko-devel mailing list.
Once the code has been patched you can build the kernel module as
described in the section "BUILD / INSTALL" above.
=========
TESTING
=========
A test application is provided. The test application simply prints out the
online file access information that is captured by DazukoFS. Below are
brief instructions to perform the test.
make sure the DazukoFS kernel module is loaded
# modprobe dazukofs
create a playground to test DazukoFS
# mkdir /tmp/dazukofs_test
mount DazukoFS over the playground
# mount -t dazukofs /tmp/dazukofs_test /tmp/dazukofs_test
copy some test files to the playground
# cp /bin/* /tmp/dazukofs_test
build the test program
# cd test
# make
start the test program
# env LD_LIBRARY_PATH=lib ./showfiles
open another terminal and access files in the playground
$ find /tmp/dazukofs_test -type f | xargs file
In the first terminal, the "showfiles" program should be showing the
accessed files. You can end the test program by pressing CTRL-C.
NOTE: The /proc filesystem must be mounted in order for the "showfiles"
program to display the file names.
===============
MOUNT ON BOOT
===============
You may want DazukoFS to be mounted over certain directories when the
machine boots. The easiest way to do this is to add the mounts to
the end of /etc/fstab. They would look something like this:
/usr /usr dazukofs defaults 0 0
/opt /opt dazukofs defaults 0 0
Of course, the dazukofs module must be loaded in order for this to work.
Consult the documentation of your distribution to learn how to automatically
load specific kernel modules on boot.
=========
WARNING
=========
It is possible to mount DazukoFS to a directory other than the directory
that is being stacked upon. For example:
# mount -t dazukofs /usr/local/games /tmp/dazukofs_test
When accessing files within /tmp/dazukofs_test, you will be accessing
files in /usr/local/games (through dazukofs). When accessing files directly
in /usr/local/games, dazukofs will not be involved (and will not detect
the file access).
THIS HAS POTENTIAL PROBLEMS!
If files are modified directly in /usr/local/games, the dazukofs layer
will not know about it. When dazukofs later tries to access those files,
it may result in corrupt data or kernel crashes. As long as
/usr/local/games is ONLY modified through dazukofs, there should not be
any problems.
==============
KNOWN ISSUES
==============
- DazukoFS does not support writing to memory mapped files. Attempting
to mmap files as read-write will result in an error. Applications
typically handle this by falling back to regular I/O. Read-only
memory mapping is supported by DazukoFS.
- It is not possible to stack DazukoFS over the root filesystem (/).
Stacking over pseudo filesystems (/proc, /dev, /sys) has not been
tested and should be avoided.
Please report problems to the dazuko-devel mailing list
(subscription required):
http://lists.nongnu.org/mailman/listinfo/dazuko-devel
=======================
DAZUKOFS APPLICATIONS
=======================
This last section is meant for developers of DazukoFS applications. This
section will discuss the methods used for interacting with DazukoFS in
order to perform online file access control.
Although this section describes the low-level communication between
application and kernel, be aware that a userspace library libdazukofs
exists that has already implemented this communication. Using the
library makes it very easy to write applications for DazukoFS. The
library can be found on the Dazuko website: http://www.dazuko.org
An application can register itself to receive notification about DazukoFS
file access events. The application then also has the authority to block
the file access.
DazukoFS supports multiple groups. A group is a set of registered processes
that work together. For each file access event, only one of the registered
processes of a group will be notified. By registering multiple processes
within the same group, an application will be able to perform file access
control for multiple files simultaneously.
A list of registered groups can be seen by reading from the
/dev/dazukofs.ctrl device. For example:
0:Group_A
1:Group_B
This means that the group named "Group_A" has been assigned the group id 0
and the group name "Group_B" has been assigned the group id 1. Groups can
be added by writing to the /dev/dazukofs.ctrl device. For example, writing:
add=My_New_Group
will create a new group, which will be assigned an available group id. The
creation of the group should be verified by reading from the
/dev/dazukofs.ctrl device. This is also necessary to see which group id was
assigned to the new group.
0:Group_A
1:Group_B
2:My_New_Group
The new group "My_New_Group" has been assigned the group id 2. Group names
are restricted to the characters: a-z A-Z 0-9 - _
Each group has their own device /dev/dazukofs.N in order to interact with
DazukoFS (where 'N' is the group id). For "My_New_Group" we are assigned
/dev/dazukofs.2 to use.
By opening the device /dev/dazukofs.N an application has registered itself.
A read on the device will block until a file access event on DazukoFS has
taken place. When a file access event has occured, the read will return with
information about the file access event. For example:
id=11
fd=4
pid=3226
This means that the particular file access event has been given the id 11.
The file descriptor 4 has been opened for the registered process. This file
descriptor allows the registered process read-only access to the file being
accessed. The pid of the accessing process is 3226.
Using this information, the registered application must determine if the
access should be denied or allowed. The application must then respond with
an answer. This is done by writing to the device:
id=11 r=0
"r" is the response. A value of 0 means to allow the access. A value of 1
means to deny the access.
IMPORTANT: The application is responsible for closing the file descriptor
that was opened by DazukoFS.
Since DazukoFS will open the file being accessed, the registered process
only requires read/write permissions to the device in order to perform
online file access control. The file is opened even if the registered
application normally would not have access to the file. This allows an
unprivileged process to perform file access control for any file on the
system.
By closing the device, the application will unregister itself.
To provide crash protection for applications, groups can be added using
the "addtrack" keyword instead of "add". The keyword "addtrack" tells
DazukoFS to add the group and track the number of registered processes in
that group. Tracking begins as soon as the first process has registered
with DazukoFS. Once all processes of the group have unregistered, DazukoFS
will automatically delete the group.
If an application crashes, is killed, or ends without closing the device,
DazukoFS will still unregister that process. Using "addtrack" will ensure
that a created group is automatically deleted if the application is not
able to shutdown in a clean manner.
NOTE: If "addtrack" is used, it is necessary for the device to be kept open
the entire time the application is performing online file access
control. Otherwise the group may become unintentionally deleted.
If "add" is used, it is not necessary for the device to be kept open
while the application decides if access should be allowed. Actually,
DazukoFS doesn't care which process responds to a file access event.
DazukoFS is only interested in a response for the given event id.
A group can be deleted by writing to the /dev/dazukofs.ctrl device. For
example, writing:
del=My_New_Group
When a group is deleted, any processes registered with that group will
be interrupted. Further reads on /dev/dazukofs.N will result in an error
(until some other group has been assigned that group id).
The deletion of the group should be verified by reading from the
/dev/dazukofs.ctrl device.
0:Group_A
1:Group_B
If no groups have been added, DazukoFS will allow all file access events. If,
however, at least one group is added, DazukoFS will expect one process from
each group to handle every file access event. Even if no processes are
registered but one or more groups exist, DazukoFS will still wait for file
access events to be handled by each group. For this reason it is important
that an application deletes a group it has created, once it should no longer
perform online file access control.
All processes on the system that try to access files on a DazukoFS mount will
require authorization (if at least one group exists). This is also true for
registered process that try to access files on a DazukoFS mount.
IMPORTANT: If registered processes access files on a DazukoFS mount, they
will cause new file access events that must be authorized. This
could lead to deadlock if not properly considered.
Since the registered process receives an open file descriptor to the file
being accessed, there should be no need for that process to open other
files. However, if the process must open additional files (and these
files potentially lie on a DazukoFS mount), it is possible for processes
to hide themselves from DazukoFS.
By opening the /dev/dazukofs.ign device, a process will be ignored by
DazukoFS. It does not matter if the process is registered or not. No data
must be written or read from the device. It simply needs to be opened.
WARNING: Make sure the permissions for /dev/dazukofs.ign are securely
set. Otherwise, any process could potentially hide itself.
As soon as the /dev/dazukofs.ign device is closed, the process is no
longer hidden.
About
Maintain dazukofs for later kernel releases
Resources
License
Stars
Watchers
Forks
Releases
No releases published
Packages 0
No packages published