Unioning File Systems for Fun and Profit (Mostly fun...)


One of the specs for the laptop that's mentioned in BitFrost is that we're planning on using a unioned (Copy-on-Write (COW)) file system (likely AUFS) to produce a number of security effects (e.g. the core system software is on a r/o plane, with any changes happening only in a r/w plane above that software (and only by software that has explicitly been granted the right to write onto the system-area planes)).

Anyway, wrote up some thoughts on how to use AUFS across the project this morning and posted them to the security list. Just a straw-man to hopefully get discussion going.

I would like a system similar to that I described (modulo that I don't actually like the idea of having to explicitly grant access to individual files (I'd prefer to be able to grant access at the directory/project level), but that's something required by BitFrost).

Comments

  1. jesse

    jesse on 05/23/2007 4 p.m. #


    Is it possible to see/post that proposal (or is it in the olpc wiki)? I don't see the emails in the archives.

Comments are closed.

Pingbacks

Pingbacks are closed.