MinorFs 0.3.5

A userspace (FUSE) filesystem that implements private storage for pseudo persistent processes.


What's new in MinorFs 0.3.5:

  • The focus of this release is to provide better cooperation with and simpler usage on AppArmor-based Linux distributions.
  • This release adds generic AppArmor profiles for minorfs-aware tools, AppArmor profiles, and hard links for a least-authority, integrity-confined version of bash.
  • It fixes some problems with the installation script.
  • This release has been tested to install and run on Ubuntu 8.10 and openSUSE 11.1.
License: LGPL (GNU Lesser General Public License)
MinorFs is a userspace (FUSE) filesystem that implements private storage for pseudo persistent processes.

MinorFs implements a simple view-based filesystem. The filesystem provided by MinorFs allows processes to become pseudo persistent processes by giving these processes n-th claim persistent storage. By doing this, a program running under a user id can effectively protect its data for that user from malware that could be running under the same user id.

MinorViewFs creates a private directory for processes. Given that processes and their base identification (pids) are non-persistent, and storage is persistent, the MinorViewFs filesystem lets a process 'claim' an unused slot that was previously used by a process that was an instance of the same executable running under the same user id as the current process.

This claiming of a slot turns the process into an incarnation of some 'persistent' process, allowing it to make use of the 'private' directory to store its state.

MinorFs allows most operations that a normal filesystem allows, but there are some differences. Links and symlinks are not supported, and chmod operations have no effect, given that they are useless with respect to the security model that MinorViewFs provides.

Please note that MinorViewFs does not work well with scripts, as the data will become private to the interpreter rather than to the script. Further note that persistent storage is currently limited to 32 concurrent versions of the same program running with the same uid.

An important operation that MinorViewFs provides, and that makes it work well together with MinorCapFs, is the use of a special extended attribute. The extended attribute 'delegatable', which is made available for each file and directory, returns a path to the same underlying directory, but through MinorCapFs. In contrast to the MinorViewFs paths, the paths into MinorCapFs can be delegated to other processes, even to other users. The MinorCapFs paths contain a token that is in fact a very basic implementation of a so-called 'password capability'.

Attenuation and revocation are not yet addressed in this version of MinorFs. The upcoming version of MinorFs will aim to also provide additional minor filesystems for these purposes.

Last updated on January 11th, 2009
