MinorFs 0.3.5

An userspace (fuse) filesystem that implements private storage for pseudo persistent processes.
MinorFs is a userspace (fuse) filesystem that implements private storage for pseudo persistent processes.

MinorFs implements a simple view based file system. The files ystem provided by MinorFs allows processes to become pseudo persistent processes, by giving these processes n-th claim persistent storage. By doing this, a program running under a user id can effectively protect its data for that user from malware that could be running under the same user id.

MinorViewFs creates a private directory for processes. Given that processes and their base identification (pids) are non persistent, and storage is persistent, the MinorViewFs filesystem allows processes the possibility to 'claim' an unused slot that was previously used by a process that was an instance of the same executable running under the same user id as the current process.

This claiming of a slot turns the process into an incarnation of some
'persistent' process, allowing it to make use of the 'private' directory
to store its state.

MinorFs allows most operations that a normal filesystem allows, but there are some differences. Links and symlinks are not supported, and chmod operations don't have any effect given that they are useless with respect to the security model that minorviewfs provides.

Please note that minorviewfs does not work well together with scripts, as the data will become private to the interpreter rather than to the script. Further note that currently persistent storage is limited to 32 concurent versions of the same program running with the same uid.

An important operation that MinorViewfs provides that makes it work together well with MinorCapFs is the use of a special extended attribute.
The extended attribute 'delegatable' that is made available for each file and directory, returns a path to the same underlaying directory but than through MinorCapFs. In contrast to the MinorViewFs paths, the paths into MinorCapFs can be delegated to other processes, even to other users.
The MinorCapFs paths contain a token that is in fact a very basic implementation of a so called 'password capability'.

Attenuation and revocations are not yet addressed in this version
of minorfs. The upcomming version of minorfs will aim to also provide additional minor filesystems for these purposes.

Main features:

  • Nth claim persistent processes.
  • Persistent private storage
  • Basic delegation

last updated on:
January 11th, 2009, 16:44 GMT
license type:
LGPL (GNU Lesser General Public License) 
developed by:
ROOT \ System \ Filesystems
Download Button

In a hurry? Add it to your Download Basket!

user rating 18



Rate it!
What's New in This Release:
  • The focus of this release is to provide better cooperation with and simpler usage on AppArmor-based Linux distributions.
  • This release adds generic AppArmor profiles for minorfs aware-tools, AppArmor profiles, and hard links for a least authority integrity confined version of bash.
  • It fixes some problems with the installation script.
  • This release has been tested to install and run on Ubuntu 8.10 and openSUSE 11.1.
read full changelog

Add your review!