Diffstat (limited to 'docs/source/architecture.rst')
-rw-r--r-- | docs/source/architecture.rst | 69 |
1 files changed, 37 insertions, 32 deletions
diff --git a/docs/source/architecture.rst b/docs/source/architecture.rst index 59b55f8..2caec16 100644 --- a/docs/source/architecture.rst +++ b/docs/source/architecture.rst 
@@ -13,66 +13,71 @@ Format of network messages -------------------------- -1. Format of messages to file access registrar:: +1. Format of messages to the File Access Registrar:: <time of event: sec since 1970> <event type: open, read, write> <name of file> <building stage: stagename or unknown> <result:OK,ERR/errno,ASKING,DENIED> -2. Format of answer for ASKING packet from registrar:: +2. Format of answer for ASKING packet from File Access Registrar:: <ALLOW | DENY> *Notes:* * All sockets are SOCK_SEQPACKET -* All fields are delimited with character with code 0 +* All fields are delimited with character \0 -How Hooklib approach works? -=========================== +How does the Hooklib approach work? +=================================== -The main idea of Hooklib approach is to load a dynamic library-hooker -**before** any other library(including the C runtime, libc.so). -So, the functions, such as open, read and write, executed from this library -instead of libc.so. +The main idea behind the Hooklib approach is to load a dynamic library-hook +**before** any other library(including the C runtime). +So, the calls to functions such as open, read and write, are intercepted +using this library, instead of executing the ones in *libc*. -Hooklib module modifies Linux's dynamic linker behavior changing LD_PRELOAD -environment variable(see +Hooklib module modifies Linux's dynamic linker behavior, changing LD_PRELOAD +environment variable (see `man 8 ld-linux <http://linux.die.net/man/8/ld-linux>`_ for details). -Module protects LD_PRELOAD variable from further changes by program. +This module also protects LD_PRELOAD variable from further changes by executing +program. -When hooklib module loads, it connects to file access registrar via Unix domain -sockets. If program forks or creates a new thread, another copy of library -loads. +When Hooklib is loaded, it connects to the File Access Registrar via Unix domain +sockets. 
If a program forks or creates a new thread, another copy of the library +loads to register events from this new process/thread. -When program do open(...), read(...), write(...), library send an information -about a call to registrar. Registar can block or allow an event. If registrer -allows an event then the original function is called. Else error -"file not found" is returned. +When a program calls open(...), read(...), write(...), Hooklib sends a message +about a call to the File Access Registrar. The Registar can then block +or allow this event. If Registrar responds to the previous query with +an ALLOW packet, then the original function is called. Otherwise, the function +is not called and a "File not Found" error is returned instead. -How Fusefs approach works? -========================== +How does the Fusefs approach work? +================================== -The main idea if Fusefs approach is to create a loggable filesystem in userspace -and chroot a program into it. +The main idea of the Fusefs approach is to create a loggable filesystem in userspace +and jail a program into it, using a chroot. -Before program is launched registrar prepare mounts. It usually do: +Before the program is launched, The File Access Registrar prepare the mounts. +It would usually take the following steps: 1. mount -o bind / /mnt/rootfs/ -2. mount /dev/, /dev/pts, /dev/shm, /proc/, /sys/ same way +2. mount /dev, /dev/pts, /dev/shm, /proc/, /sys/ binding them to /mnt/rootfs 3. mount /lib64/, /lib32/, /var/tmp/portage/ same way to increase performance at cost of accuracy -4. launch fuse over /mnt/rootfs/ +4. launch FUSE over /mnt/rootfs/ -Fuse module blocks all external access to /mnt/rootfs while program runs. - -Fuse module also asks the registrar about event allowness. +Fuse module blocks all external access to /mnt/rootfs while the program runs. +The FUSE module will also ask the File Access Registrar to check whether access to +files inside the chroot are allowed or denied. 
As with the Hooklib approach, if +access to a file is denied, a "File not Found" error is returned. *Notes:* -* Checking for allowness takes a much time +* Checking for permission to access a file with the File Access Registrar, takes a +lot of time under this approach. Futher analysis of file access events ===================================== @@ -90,6 +95,6 @@ unuseful packages. Rules of heuristics ------------------- -1. *Package is not useful if all files are .desktop or .xml or .m4*. +1. *Package is not useful if all files are .desktop, .xml or .m4*. Aclocal util tries to read all .m4 files in /usr/share/aclocal directory. - Files ending on .desktop and .xml often readed on postrm phase.
\ No newline at end of file + Files ending on .desktop and .xml are often read in the postrm phase.
\ No newline at end of file
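Review bot: In the first hunk, the Hooklib paragraph's "If Registrar responds to the previous query with an ALLOW packet" is ambiguous about which query is meant; the message format defined at the top of this section makes the exchange a message whose result field is ASKING followed by an <ALLOW | DENY> answer, so say "If the Registrar answers the ASKING message with ALLOW". The same paragraph carries over the old typo "Registar", and the description of the mechanism should state its limit: because interception relies on the dynamic linker honouring LD_PRELOAD (the man 8 ld-linux reference), statically linked programs and code that issues system calls directly are not seen by the hook, so protecting the LD_PRELOAD variable alone does not make the logging complete. Smaller fixes in the same hunk: "library(including" needs a space, "by executing program" should read "by the executing program", "Before the program is launched, The File Access Registrar prepare the mounts" should be "...the File Access Registrar prepares the mounts", "access to files inside the chroot are allowed" should be "is allowed", and the unchanged context line "Futher analysis of file access events" still has "Futher" for "Further".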
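Review bot: In the second hunk, "Files ending on .desktop and .xml are often read in the postrm phase" should be "Files ending in"; the rule itself would also read more precisely as "Package is not useful if all of its files are .desktop, .xml or .m4", since the justification that follows is about the package's own files being read only by aclocal or during postrm.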