Lustre & SELinux: in theory and in practice
|
|
|
- Bethanie Bradley
- 5 years ago
- Views:
Transcription
1 Lustre & SELinux: in theory and in practice Septembre 22 nd, 2014 Sebastien Buisson Parallel File Systems Extreme Computing R&D Bull
2 Lustre & SELinux Lustre on an SELinux-enabled client Security policy enforcement on Lustre Impact of security over performance 2
3 Lustre on an SELinux-enabled client Bull
4 Lustre on an SELinux-enabled client From Lustre Operations Manual Before installing the Lustre software, make sure you disable Security-Enhanced Linux (SELinux) on all Lustre servers and clients. The Lustre software does not support SELinux. Therefore, the SELinux system extension must be disabled on all Lustre nodes. BUT since LU-506 (Lustre 2.3), replace ll_d_add() with d_add() internally calls security_d_instantiate() SELinux does not prevent Lustre from working properly anymore 4
5 Security policy enforcement on Lustre Bull
6 Security policy enforcement on Lustre To begin with: Create a file and see its security attributes: [nodea]# ls -lz /lustre/file1 -rwxr-xr-x. root root system_u:object_r:default_t:s0 But in MDT: no xattr containing security information /lustre/file1 # debugfs /dev/ram1 -R "stat ROOT/file1" Inode: Type: regular Mode: 0666 Flags: 0x0 Size of extra inode fields: 28 Extended attributes stored in inode body: lma = " " (24) lma: fid=[0x :0x5:0x0] compat=0 incompat=0 lov = "d0 0b d1 0b " (56) link = "df f1 ea f c " (47) Shows need to store security information permanently 6
7 Security policy enforcement on Lustre Code evolutions proposed in LU-5560 initialize security context in struct inode security_inode_init_security() store it in security.selinux xattr ll_setxattr() With the patch: [nodea]# ls -lz /lustre/file1 -rwxr-xr-x. root root system_u:object_r:file_t:s0 /lustre/file1 # debugfs /dev/ram1 -R "stat ROOT/file1" Inode: Type: regular Mode: 0666 Flags: 0x0 Size of extra inode fields: 28 Extended attributes stored in inode body: lma = " " (24) lma: fid=[0x :0x5:0x0] compat=0 incompat=0 lov = "d0 0b d1 0b " (56) link = "df f1 ea f c " (47) selinux = "system_u:object_r:file_t:s0\000" (31) 7
8 Security policy enforcement on Lustre SELinux user «unconfined» transparent access to Lustre filesystem Specific SELinux user without dedicated security policy: all accesses denied with a specific security policy defined on the Lustre client: access granted in accordance with the policy Security policy extract allow user_t file_t:file { getattr open read write create unlink }; allow user_t file_t:dir { search getattr open read write add_name create remove_name rmdir }; 8
9 Security policy enforcement on Lustre Security context change from another node [nodeb]# chcon -t home_t /lustre/file1 [nodeb]# ls -lz /lustre/file1 -rwxr-xr-x. root root system_u:object_r:home_t:s0 /lustre/file1 # debugfs /dev/ram1 -R "stat ROOT/file1" Inode: Type: regular Mode: 0666 Flags: 0x0 Size of extra inode fields: 28 Extended attributes stored in inode body: lma = " " (24) lma: fid=[0x :0x5:0x0] compat=0 incompat=0 lov = "d0 0b d1 0b " (56) link = "df f1 ea f c " (47) selinux = "system_u:object_r:home_t:s0\000" (31) But on initial node: [nodea]# ls -lz /lustre/file1 -rwxr-xr-x. root root system_u:object_r:file_t:s0 /lustre/file1 Shows need for security information coherency but this is a very special case 9
10 Security policy enforcement on Lustre Code evolution proposed in LU-5560 drop inode from cache after use struct super_operations lustre_super_operations = { <<<snip>>> <<<snip>>> };.drop_inode = generic_delete_inode, discussions about the viability of this proposal... 10
11 Impact of security over performance Bull
12 Impact of security over performance Tests Environment 1 client node, 1 Lustre server MDS+OSS, ramdisk storage Benchmark mdtest «directory per process» mode Code tested Permanent security info, without coherency Lustre «security.selinux xattr» patch Objectives SELinux impact over metadata performance xattr caching benefit 12
13 mdtest - create 13
14 mdtest - stat 14
15 mdtest - restat 15
16 mdtest - remove 16
17 mdtest Tests summary: Difference from «no selinux» Lustre «security.selinux xattr» patch selinux no xattr caching selinux xattr caching create - 35 % - 50 % stat - 35 % - 75 % restat similar similar remove similar - 35 % 17
18 Impact of security over performance Code tested coherency in addition to permanent security info previous code + inode drop after use Objectives viability of the solution 18
19 mdtest Tests summary: Lustre «security.selinux xattr» patch + inode drop after use Difference from «no selinux» create -40 % stat -85 % restat -95 % remove -25 % 19
20 Bull
Status of SELinux support in Lustre
Status of SELinux support in Lustre 2017/05 DataDirect Networks, Inc. Sebastien Buisson sbuisson@ 2 Status of SELinux support in Lustre LU-8956: security context at create Performance & correctness LU-9193:
European Lustre Workshop Paris, France September Hands on Lustre 2.x. Johann Lombardi. Principal Engineer Whamcloud, Inc Whamcloud, Inc.
European Lustre Workshop Paris, France September 2011 Hands on Lustre 2.x Johann Lombardi Principal Engineer Whamcloud, Inc. Main Changes in Lustre 2.x MDS rewrite Client I/O rewrite New ptlrpc API called
Project Quota for Lustre
1 Project Quota for Lustre Li Xi, Shuichi Ihara DataDirect Networks Japan 2 What is Project Quota? Project An aggregation of unrelated inodes that might scattered across different directories Project quota
Lustre Metadata Fundamental Benchmark and Performance
09/22/2014 Lustre Metadata Fundamental Benchmark and Performance DataDirect Networks Japan, Inc. Shuichi Ihara 2014 DataDirect Networks. All Rights Reserved. 1 Lustre Metadata Performance Lustre metadata
Idea of Metadata Writeback Cache for Lustre
Idea of Metadata Writeback Cache for Lustre Oleg Drokin Apr 23, 2018 * Some names and brands may be claimed as the property of others. Current Lustre caching Data: Fully cached on reads and writes in face
SELinux Basics. Clint Savage Fedora Ambassador. Fedora Classroom November 9, 2008
SELinux Basics Clint Savage Fedora Ambassador Fedora Classroom November 9, 2008 What is SELinux? Another layer of security Created by the NSA / Red Hat Helps add to the multiple layers of defense Generally
Lustre Clustered Meta-Data (CMD) Huang Hua Andreas Dilger Lustre Group, Sun Microsystems
Lustre Clustered Meta-Data (CMD) Huang Hua H.Huang@Sun.Com Andreas Dilger adilger@sun.com Lustre Group, Sun Microsystems 1 Agenda What is CMD? How does it work? What are FIDs? CMD features CMD tricks Upcoming
Landlock LSM: toward unprivileged sandboxing
Landlock LSM: toward unprivileged sandboxing Mickaël Salaün ANSSI September 14, 2017 1 / 21 Secure user-space software How to harden an application? secure development follow the least privilege principle
SELinux Updates. Thorsten Scherf Senior Consultant. Red Hat Global Professional Services Berlin / Germany
SELinux Updates Thorsten Scherf Senior Consultant Red Hat Global Professional Services 01.12.2011 Berlin / Germany Agenda SELinux review What happened to strict policy Policy customization and development
Remote Directories High Level Design
Remote Directories High Level Design Introduction Distributed Namespace (DNE) allows the Lustre namespace to be divided across multiple metadata servers. This enables the size of the namespace and metadata
Multi-tenancy: a real-life implementation
Multi-tenancy: a real-life implementation April, 2018 Sebastien Buisson Thomas Favre-Bulle Richard Mansfield Multi-tenancy: a real-life implementation The Multi-Tenancy concept Implementation alternative:
CMD Code Walk through Wang Di
CMD Code Walk through Wang Di Lustre Group Sun Microsystems 1 Current status and plan CMD status 2.0 MDT stack is rebuilt for CMD, but there are still some problems in current implementation. No recovery
Lustre 2.8 feature : Multiple metadata modify RPCs in parallel
Lustre 2.8 feature : Multiple metadata modify RPCs in parallel Grégoire Pichon 23-09-2015 Atos Agenda Client metadata performance issue Solution description Client metadata performance results Configuration
UNIX File Hierarchy: Structure and Commands
UNIX File Hierarchy: Structure and Commands The UNIX operating system organizes files into a tree structure with a root named by the character /. An example of the directory tree is shown below. / bin
SELinux. Thorsten Scherf. Red Hat EMEA. October 2015
SELinux Thorsten Scherf Red Hat EMEA October 2015 What is wrong with UNIX security? Programs have full control over the access given to files they create (Discretionary Access Control DAC) Therefore no
Nathan Rutman SC09 Portland, OR. Lustre HSM
Nathan Rutman SC09 Portland, OR Lustre HSM Goals Scalable HSM system > No scanning > No duplication of event data > Parallel data transfer Interact easily with many HSMs Focus: > Version 1 primary goal
Distributed File System
Distributed File System Project Report Surabhi Ghaisas (07305005) Rakhi Agrawal (07305024) Election Reddy (07305054) Mugdha Bapat (07305916) Mahendra Chavan(08305043) Mathew Kuriakose (08305062) 1 Introduction
File access-control per container with Landlock
File access-control per container with Landlock Mickaël Salaün ANSSI February 4, 2018 1 / 20 Secure user-space software How to harden an application? secure development follow the least privilege principle
Demonstration Milestone for Parallel Directory Operations
Demonstration Milestone for Parallel Directory Operations This milestone was submitted to the PAC for review on 2012-03-23. This document was signed off on 2012-04-06. Overview This document describes
Input & Output 1: File systems
Input & Output 1: File systems What are files? A sequence of (usually) fixed sized blocks stored on a device. A device is often refered to as a volume. A large device might be split into several volumes,
Protect your server with SELinux on SUSE Linux Enterprise Server 11 SP Sander van Vugt
Protect your server with SELinux on SUSE Linux Enterprise Server 11 SP Sander van Vugt Instructor, Consultant and Author Sandervanvugt.nl About Sander van Vugt Trainer, consultant and author Doing much
LFSCK 1.5 High Level Design
LFSCK 5 High Level Design 1 Introduction This document describes the agreed design decisions that will be implemented to achieve the goals of the Lustre File System ChecK (LFSCK )5 FID-in-dirent and linkea
DNE2 High Level Design
DNE2 High Level Design Introduction With the release of DNE Phase I Remote Directories Lustre* file systems now supports more than one MDT. This feature has some limitations: Only an administrator can
Advanced UNIX File Systems. Berkley Fast File System, Logging File System, Virtual File Systems
Advanced UNIX File Systems Berkley Fast File System, Logging File System, Virtual File Systems Classical Unix File System Traditional UNIX file system keeps I-node information separately from the data
The UNIX File System
The UNIX File System Magnus Johansson May 9, 2007 1 UNIX file system A file system is created with mkfs. It defines a number of parameters for the system, such as: bootblock - contains a primary boot program
Introduction The Project Lustre Architecture Performance Conclusion References. Lustre. Paul Bienkowski
Lustre Paul Bienkowski 2bienkow@informatik.uni-hamburg.de Proseminar Ein-/Ausgabe - Stand der Wissenschaft 2013-06-03 1 / 34 Outline 1 Introduction 2 The Project Goals and Priorities History Who is involved?
The UNIX File System
The UNIX File System Magnus Johansson (May 2007) 1 UNIX file system A file system is created with mkfs. It defines a number of parameters for the system as depicted in figure 1. These paremeters include
Operating Systems Lab
Operating Systems Lab Islamic University Gaza Engineering Faculty Department of Computer Engineering Fall 2012 ECOM 4010: Operating Systems Lab Eng: Ahmed M. Ayash Lab # 4 Paths, Links & File Permissions
Diskless Linux Clusters
Diskless Linux Clusters Ciro Cattuto ciro.cattuto@pg.infn.it Outline: Why diskless operation? Issues with diskless nodes Our choices Configuring the Linux kernel The boot sequence Pros and cons 1 Cost
RobinHood Policy Engine
RobinHood Policy Engine Quick Tour 2011/05/23 v2.3.0 The issue with large filesystems Common needs / usual solutions: Space usage accounting Per user, per group quotas Per project, per directory, du find
LUG 2012 From Lustre 2.1 to Lustre HSM IFERC (Rokkasho, Japan)
LUG 2012 From Lustre 2.1 to Lustre HSM Lustre @ IFERC (Rokkasho, Japan) Diego.Moreno@bull.net From Lustre-2.1 to Lustre-HSM - Outline About Bull HELIOS @ IFERC (Rokkasho, Japan) Lustre-HSM - Basis of Lustre-HSM
Zhang, Hongchao
2016-10-20 Zhang, Hongchao Legal Information This document contains information on products, services and/or processes in development. All information provided here is subject to change without notice.
Lustre overview and roadmap to Exascale computing
HPC Advisory Council China Workshop Jinan China, October 26th 2011 Lustre overview and roadmap to Exascale computing Liang Zhen Whamcloud, Inc liang@whamcloud.com Agenda Lustre technology overview Lustre
Meeting Critical Security Objectives with Security-Enhanced Linux
Meeting Critical Security Objectives with Security-Enhanced Linux Peter A. Loscocco Information Assurance Research Group National Security Agency Co-author: Stephen D. Smalley, NAI Labs Information Assurance
OpenZFS Performance Improvements
OpenZFS Performance Improvements LUG Developer Day 2015 April 16, 2015 Brian, Behlendorf This work was performed under the auspices of the U.S. Department of Energy by under Contract DE-AC52-07NA27344.
An Exploration of New Hardware Features for Lustre. Nathan Rutman
An Exploration of New Hardware Features for Lustre Nathan Rutman Motivation Open-source Hardware-agnostic Linux Least-common-denominator hardware 2 Contents Hardware CRC MDRAID T10 DIF End-to-end data
An efficient method to avoid path lookup in file access auditing in IO path to improve file system IO performance
Technical Disclosure Commons Defensive Publications Series March 21, 2017 An efficient method to avoid path lookup in file access auditing in IO path to improve file system IO performance Arun Vishnu P
Virtual File System. Don Porter CSE 306
Virtual File System Don Porter CSE 306 History Early OSes provided a single file system In general, system was pretty tailored to target hardware In the early 80s, people became interested in supporting
Access Control. SELinux. Mestrado Integrado em Engenharia Informática e Computação. Computer Systems Security
Access Control SELinux Mestrado Integrado em Engenharia Informática e Computação Computer Systems Security João Carlos Eusébio Almeida - up201306301 João Gabriel Marques Costa - up201304197 May 17, 2017
CSci 4061 Introduction to Operating Systems. File Systems: Basics
CSci 4061 Introduction to Operating Systems File Systems: Basics File as Abstraction Naming a File creat/open ( path/name, ); Links: files with multiple names Each name is an alias #include
<Insert Picture Here> Btrfs Filesystem
Btrfs Filesystem Chris Mason Btrfs Goals General purpose filesystem that scales to very large storage Feature focused, providing features other Linux filesystems cannot Administration
Tutorial: Lustre 2.x Architecture
CUG 2012 Stuttgart, Germany April 2012 Tutorial: Lustre 2.x Architecture Johann Lombardi 2 Why a new stack? Add support for new backend filesystems e.g. ZFS, btrfs Introduce new File IDentifier (FID) abstraction
SE Linux Implementation LINUX20
SE Linux Implementation LINUX20 Russell Coker IBM eserver pseries, Linux, Grid Computing and Storage Technical University 7/7/2004 Licensed under the GPL Topic Objectives In this topic students will learn
Filesystem Hierarchy and Permissions
and Linux Prepared by Steven Gordon on 19 April 2017 Common/Reports/linux-file-permissions.tex, r1417 1/15 Multiuser and Server Operating System Linux systems are commonly used as a multi-user system E.g.
Lustre File System. Proseminar 2013 Ein-/Ausgabe - Stand der Wissenschaft Universität Hamburg. Paul Bienkowski Author. Michael Kuhn Supervisor
Proseminar 2013 Ein-/Ausgabe - Stand der Wissenschaft Universität Hamburg September 30, 2013 Paul Bienkowski Author 2bienkow@informatik.uni-hamburg.de Michael Kuhn Supervisor michael.kuhn@informatik.uni-hamburg.de
Directory. File. Chunk. Disk
SIFS Phase 1 Due: October 14, 2007 at midnight Phase 2 Due: December 5, 2007 at midnight 1. Overview This semester you will implement a single-instance file system (SIFS) that stores only one copy of data,
The Tux3 File System
Daniel Phillips Samsung Research America (Silicon Valley) d.phillips@partner.samsung.com 1 2013 SAMSUNG Electronics Co. Why Tux3? The Local filesystem is still important! Affects the performance of everything
ext4: the next generation of the ext3 file system
June07login_press.qxd:login June 06 Volume 31 5/27/07 10:22 AM Page 25 A V A N T I K A M A T H U R, M I N G M I N G C A O, A N D A N D R E A S D I L G E R ext4: the next generation of the ext3 file system
Virtual File System. Don Porter CSE 506
Virtual File System Don Porter CSE 506 History ò Early OSes provided a single file system ò In general, system was pretty tailored to target hardware ò In the early 80s, people became interested in supporting
CS2506 Quick Revision
CS2506 Quick Revision OS Structure / Layer Kernel Structure Enter Kernel / Trap Instruction Classification of OS Process Definition Process Context Operations Process Management Child Process Thread Process
SFA12KX and Lustre Update
Sep 2014 SFA12KX and Lustre Update Maria Perez Gutierrez HPC Specialist HPC Advisory Council Agenda SFA12KX Features update Partial Rebuilds QoS on reads Lustre metadata performance update 2 SFA12KX Features
Module: Operating System Security. Professor Trent Jaeger. CSE543 - Introduction to Computer and Network Security
CSE543 - Introduction to Computer and Network Security Module: Operating System Security Professor Trent Jaeger 1 OS Security So, you have built an operating system that enables user-space processes to
RHCE BOOT CAMP. Filesystem Administration. Wednesday, November 28, 12
RHCE BOOT CAMP Filesystem Administration PARTITIONING What is partitioning? Splitting up a hard drive into organizable chunks Why? Isolates filesystem corruption Simplifies/speeds backups Allows optimizing
Pintos Project 4 File Systems. November 14, 2016
Pintos Project 4 File Systems November 14, 2016 Overview Requirements Implementation Project 4 will be done in src/filesys/ This means you will run make in src/filesys This means you will run tests in
COS 318: Operating Systems. Journaling, NFS and WAFL
COS 318: Operating Systems Journaling, NFS and WAFL Jaswinder Pal Singh Computer Science Department Princeton University (http://www.cs.princeton.edu/courses/cos318/) Topics Journaling and LFS Network
Security Enhanced Linux. Thanks to David Quigley
Security Enhanced Linux Thanks to David Quigley History SELinux Timeline 1985: LOCK (early Type Enforcement) 1990: DTMach / DTOS 1995: Utah Fluke / Flask 1999: 2.2 Linux Kernel (patch) 2000: 2001: 2.4
Inode. Local filesystems. The operations defined for local filesystems are divided in two parts:
Local filesystems Inode The operations defined for local filesystems are divided in two parts: 1. Common to all local filesystems are hierarchical naming, locking, quotas attribute management and protection.
Intel Enterprise Edition Lustre (IEEL-2.3) [DNE-1 enabled] on Dell MD Storage
![Intel Enterprise Edition Lustre (IEEL-2.3) [DNE-1 enabled] on Dell MD Storage](/thumbs/92/109196544.jpg "Intel Enterprise Edition Lustre (IEEL-2.3) [DNE-1 enabled] on Dell MD Storage")
Intel Enterprise Edition Lustre (IEEL-2.3) [DNE-1 enabled] on Dell MD Storage Evaluation of Lustre File System software enhancements for improved Metadata performance Wojciech Turek, Paul Calleja,John
Overlayfs And Containers. Miklos Szeredi, Red Hat Vivek Goyal, Red Hat
Overlayfs And Containers Miklos Szeredi, Red Hat Vivek Goyal, Red Hat Introduction to overlayfs Union or? Union: all layers made equal How do you take the union of two files? Or a file and a directory?
W4118 Operating Systems. Instructor: Junfeng Yang
W4118 Operating Systems Instructor: Junfeng Yang File systems in Linux Linux Second Extended File System (Ext2) What is the EXT2 on-disk layout? What is the EXT2 directory structure? Linux Third Extended
HPC Input/Output. I/O and Darshan. Cristian Simarro User Support Section
HPC Input/Output I/O and Darshan Cristian Simarro Cristian.Simarro@ecmwf.int User Support Section Index Lustre summary HPC I/O Different I/O methods Darshan Introduction Goals Considerations How to use
File System Implementation. Sunu Wibirama
File System Implementation Sunu Wibirama File-System Structure Outline File-System Implementation Directory Implementation Allocation Methods Free-Space Management Discussion File System Structure File
Qing Zheng Lin Xiao, Kai Ren, Garth Gibson
Qing Zheng Lin Xiao, Kai Ren, Garth Gibson File System Architecture APP APP APP APP APP APP APP APP metadata operations Metadata Service I/O operations [flat namespace] Low-level Storage Infrastructure
Improving I/O Bandwidth With Cray DVS Client-Side Caching
Improving I/O Bandwidth With Cray DVS Client-Side Caching Bryce Hicks Cray Inc. Bloomington, MN USA bryceh@cray.com Abstract Cray s Data Virtualization Service, DVS, is an I/O forwarder providing access
Lustre * 2.12 and Beyond Andreas Dilger, Intel High Performance Data Division LUG 2018
Lustre * 2.12 and Beyond Andreas Dilger, Intel High Performance Data Division LUG 2018 Statements regarding future functionality are estimates only and are subject to change without notice * Other names
Toward a Windows Native Client (WNC) Meghan McClelland LAD2013
Toward a Windows Native Client (WNC) Meghan McClelland Meghan_McClelland@xyratex.com LAD2013 Overview At LUG 2013 there was expressed strong interest in a WNC client. Xyratex acquired IP from Oracle. The
Operating Systems CMPSCI 377 Spring Mark Corner University of Massachusetts Amherst
Operating Systems CMPSCI 377 Spring 2017 Mark Corner University of Massachusetts Amherst Clicker Question #1 For a sequential workload, the limiting factor for a disk system is likely: (A) The speed of
Frequently asked questions from the previous class survey
CS 455: INTRODUCTION TO DISTRIBUTED SYSTEMS [FILE SYSTEMS] Shrideep Pallickara Computer Science Colorado State University L27.1 Frequently asked questions from the previous class survey How many choices
ò Server can crash or be disconnected ò Client can crash or be disconnected ò How to coordinate multiple clients accessing same file?
Big picture (from Sandberg et al.) NFS Don Porter CSE 506 Intuition Challenges Instead of translating VFS requests into hard drive accesses, translate them into remote procedure calls to a server Simple,
LIME: A Framework for Lustre Global QoS Management. Li Xi DDN/Whamcloud Zeng Lingfang - JGU
LIME: A Framework for Lustre Global QoS Management Li Xi DDN/Whamcloud Zeng Lingfang - JGU Why QoS of Lustre? Quality of Service (QoS) is a mechanism to ensure a "guaranteed performance ls latency needs
NFS. Don Porter CSE 506
NFS Don Porter CSE 506 Big picture (from Sandberg et al.) Intuition ò Instead of translating VFS requests into hard drive accesses, translate them into remote procedure calls to a server ò Simple, right?
1 / 23. CS 137: File Systems. General Filesystem Design
1 / 23 CS 137: File Systems General Filesystem Design 2 / 23 Promises Made by Disks (etc.) Promises 1. I am a linear array of fixed-size blocks 1 2. You can access any block fairly quickly, regardless
Design and Implementation of Views: Isolated Perspectives of a File System for Regulatory Compliance
Design and Implementation of Views: Isolated Perspectives of a File System for Regulatory Compliance Matthew W. Pagano Zachary N. J. Peterson The Johns Hopkins University Baltimore, Maryland, USA {mpagano,zachary}@cs.jhu.edu
MANDATORY ACCESS CONTROL SECURITY ENHANCED LINUX (SELINUX)
OPERATING SYSTEM SECURITY GUEST LECTURE MANDATORY ACCESS CONTROL SECURITY ENHANCED LINUX (SELINUX) PATRICK UITERWIJK PUITERWIJK@REDHAT.COM / PATRICK.UITERWIJK.ORG GPG KEY: 4096R/0X9AB51E50 0 MANDATORY
UNIVERSITY OF BOLTON CREATIVE TECHNOLOGIES COMPUTING WITH WEBSITE DEVELOPMENT SEMESTER ONE EXAMINATIONS 2018/2019 UNIX MODULE NO: CPU5003
[CRT08] UNIVERSITY OF BOLTON CREATIVE TECHNOLOGIES COMPUTING WITH WEBSITE DEVELOPMENT SEMESTER ONE EXAMINATIONS 2018/2019 UNIX MODULE NO: CPU5003 Date: Wednesday 16 th January 2019 Time: 10:00 12:00 INSTRUCTIONS
CS 471 Operating Systems. Yue Cheng. George Mason University Fall 2017
CS 471 Operating Systems Yue Cheng George Mason University Fall 2017 Review: RAID 2 RAID o Idea: Build an awesome disk from small, cheap disks o Metrics: Capacity, performance, reliability 3 RAID o Idea:
SELinux Policy Development. Jason Zaman FOSSASIA 2018 March 24 blog.perfinion.com
SELinux Policy Development Jason Zaman FOSSASIA 2018 March 24 blog.perfinion.com Overview 1. Whoami 2. What is SELinux? 3. Parts of an SELinux Policy 4. Policy Modules 5. Reference Policy a. Perms b. Patterns
VIRTUAL FILE SYSTEM AND FILE SYSTEM CONCEPTS Operating Systems Design Euiseong Seo
VIRTUAL FILE SYSTEM AND FILE SYSTEM CONCEPTS 2016 Operating Systems Design Euiseong Seo (euiseong@skku.edu) File Layout An entity that separates and isolates data Files have meanings only to applications
3/26/2014. Contents. Concepts (1) Disk: Device that stores information (files) Many files x many users: OS management
2013-2014 Contents 1. Concepts about the file system 2. The The disk user structure view 3. 2. Files The disk in disk structure The ext2 FS 4. 3. The Files Virtual in disk File The System ext2 FS 4. The
Filename encoding. and case-insensitive filesystems. Gabriel Krisman Bertazi
Filename encoding and case-insensitive filesystems Gabriel Krisman Bertazi Why an encoding-aware FS? Traditional UNIX-like approach: Opaque byte sequences. Because the other kids
<Insert Picture Here> Lustre Development
Lustre Development Eric Barton Lead Engineer, Lustre Group Lustre Development Agenda Engineering Improving stability Sustaining innovation Development Scaling
FILE SYSTEM IMPLEMENTATION. Sunu Wibirama
FILE SYSTEM IMPLEMENTATION Sunu Wibirama File-System Structure Outline File-System Implementation Directory Implementation Allocation Methods Free-Space Management Discussion File-System Structure Outline
Introduction to Linux
Introduction to Operating Systems All computers that we interact with run an operating system There are several popular operating systems Operating Systems OS consists of a suite of basic software Operating
Fall 2015 COMP Operating Systems. Lab #8
Fall 2015 COMP 3511 Operating Systems Lab #8 1 Outline Thrashing Working-Set model File system File system implementation 2 Q. 1 Please state the disadvantages and advantages with the following page replacement
1 / 22. CS 135: File Systems. General Filesystem Design
1 / 22 CS 135: File Systems General Filesystem Design Promises 2 / 22 Promises Made by Disks (etc.) 1. I am a linear array of blocks 2. You can access any block fairly quickly 3. You can read or write
Android Things Security Research in Developer Preview 2
1 Monthly Research 2017.2 Android Things Security Research in Developer Preview 2 E-Mail: research-feedback[at]ffri.jp Twitter: @FFRI_Research FFRI, Inc. http://www.ffri.jp/en Table of Contents Background
Securing Android-Powered Mobile Devices Using SELinux
Securing Android-Powered Mobile Devices Using SELinux This paper appears in: Security & Privacy, IEEE Issue Date: May- June 2010 Volume: 8 Issue:3 On page(s): 36-44 Asaf Shabtai, Yuval Fledel, and Yuval
RCU. ò Dozens of supported file systems. ò Independent layer from backing storage. ò And, of course, networked file system support
Logical Diagram Virtual File System Don Porter CSE 506 Binary Formats RCU Memory Management File System Memory Allocators System Calls Device Drivers Networking Threads User Today s Lecture Kernel Sync
Filesystem Hierarchy and Permissions
2 and Prepared by Steven Gordon on 19 April 2017 Common/Reports/linux-file-permissions.tex, r1417 1 Multiuser and Server Operating System systems are commonly used as a multi-user system E.g. multiple
CptS 360 (System Programming) Unit 6: Files and Directories
CptS 360 (System Programming) Bob Lewis School of Engineering and Applied Sciences Washington State University Spring, 2019 Motivation Need to know your way around a filesystem. A properly organized filesystem
CONTAINER AND MICROSERVICE SECURITY ADRIAN MOUAT
CONTAINER AND MICROSERVICE SECURITY ADRIAN MOUAT Chief Scientist @ Container Solutions Wrote "Using Docker" for O'Reilly 40% Discount with AUTHD code Free Docker Security minibook http://www.oreilly.com/webops-perf/free/dockersecurity.csp
SELinux. Daniel J Walsh SELinux Lead Engineer
SELinux Daniel J Walsh SELinux Lead Engineer 0 Day Exploits Patch Cycle Someone discovers a vulnerability in software Package Maintainer and OS Vendor Notified Fix generated/distributed Fix installed by
CS370: Operating Systems [Spring 2017] Dept. Of Computer Science, Colorado State University
![CS370: Operating Systems [Spring 2017] Dept. Of Computer Science, Colorado State University](/thumbs/79/79186299.jpg "CS370: Operating Systems [Spring 2017] Dept. Of Computer Science, Colorado State University")
Frequently asked questions from the previous class survey CS 370: OPERATING SYSTEMS [FILE SYSTEMS] Shrideep Pallickara Computer Science Colorado State University If you have a file with scattered blocks,
Disclaimer: this is conceptually on target, but detailed implementation is likely different and/or more complex.
Goal: get a better understanding about how the OS and C libraries interact for file I/O and system calls plus where/when buffering happens, what s a file, etc. Disclaimer: this is conceptually on target,
DDN s Vision for the Future of Lustre LUG2015 Robert Triendl
DDN s Vision for the Future of Lustre LUG2015 Robert Triendl 3 Topics 1. The Changing Markets for Lustre 2. A Vision for Lustre that isn t Exascale 3. Building Lustre for the Future 4. Peak vs. Operational
LPI LPI Level Junior Level Linux Certification Part 1 of 2. Download Full Version :
LPI 101-400 LPI Level 1 101 Junior Level Linux Certification Part 1 of 2 Download Full Version : http://killexams.com/pass4sure/exam-detail/101-400 Answer: B QUESTION: 102 How many fields are in a syntactically
Status of the Linux NFS client
Status of the Linux NFS client Introduction - aims of the Linux NFS client General description of the current status NFS meets the Linux VFS Peculiarities of the Linux VFS vs. requirements of NFS Linux
Introduction to Lustre* Architecture
Introduction to Lustre* Architecture Lustre* systems and network administration October 2017 * Other names and brands may be claimed as the property of others Lustre Fast, Scalable Storage for HPC Lustre*
we are here I/O & Storage Layers Recall: C Low level I/O Recall: C Low Level Operations CS162 Operating Systems and Systems Programming Lecture 18
I/O & Storage Layers CS162 Operating Systems and Systems Programming Lecture 18 Systems April 2 nd, 2018 Profs. Anthony D. Joseph & Jonathan Ragan-Kelley http://cs162.eecs.berkeley.edu Application / Service
VFS Interceptor: Dynamically Tracing File System Operations in real. environments
VFS Interceptor: Dynamically Tracing File System Operations in real environments Yang Wang, Jiwu Shu, Wei Xue, Mao Xue Department of Computer Science and Technology, Tsinghua University iodine01@mails.tsinghua.edu.cn,