Status of SELinux support in Lustre

Similar documents
DataDirect Networks Japan, Inc.

Lustre & SELinux: in theory and in practice

Project Quota for Lustre

Remote Directories High Level Design

POWER EGG2.0 Ver.2.8 Initial Manual (English version)

Lustre Metadata Fundamental Benchmark and Performance

POWER EGG2.0 Ver.2.10c Initial Manual (English version)

Idea of Metadata Writeback Cache for Lustre

DNE2 High Level Design

Commit-On-Sharing High Level Design

CMD Code Walk through Wang Di

Multi-tenancy: a real-life implementation

Landlock LSM: toward unprivileged sandboxing

Lustre Clustered Meta-Data (CMD) Huang Hua Andreas Dilger Lustre Group, Sun Microsystems

File access-control per container with Landlock

Introduction The Project Lustre Architecture Performance Conclusion References. Lustre. Paul Bienkowski

Demonstration Milestone for Parallel Directory Operations

Overlayfs And Containers. Miklos Szeredi, Red Hat Vivek Goyal, Red Hat

Comparison RSUPPORT Product Make IT simple with RSUPPORT! RemoteHelp RemoteCall 5.0

Andreas Dilger, Intel High Performance Data Division LAD 2017

MAR2100 Maradin MEMS Drive & Control

NFS in Userspace: Goals and Challenges

Lustre SMP scaling. Liang Zhen

Quick Guide. RemoteCall ASP. Nov Copyright 2001~2012 RSUPPORT Co., Ltd. ALL RIGHTS RESERVED.

Lustre/HSM Binding. Aurélien Degrémont Aurélien Degrémont LUG April

Fall 2014:: CSE 506:: Section 2 (PhD) Securing Linux. Hyungjoon Koo and Anke Li

Lustre File System. Proseminar 2013 Ein-/Ausgabe - Stand der Wissenschaft Universität Hamburg. Paul Bienkowski Author. Michael Kuhn Supervisor

Enhancing Lustre Performance and Usability

Why lock down the kernel? Matthew Garrett

6.5 Collective Open/Close & Epoch Distribution Demonstration

OpenZFS Performance Improvements

Product Specifications

POWER EGG2.0 Ver.2.5 Initial Manual (English version)

Metadata Performance Evaluation LUG Sorin Faibish, EMC Branislav Radovanovic, NetApp and MD BWG April 8-10, 2014

Application of the Flask Architecture to the X Window System Server

Lustre Interface Bonding

Lustre 2.8 feature : Multiple metadata modify RPCs in parallel

NPTEL Course Jan K. Gopinath Indian Institute of Science

DLD for OPEN HANDLING in CMD

Security white paper

Lecture 19. NFS: Big Picture. File Lookup. File Positioning. Stateful Approach. Version 4. NFS March 4, 2005

NAME attr extended attributes on XFS filesystem objects. SYNOPSIS attr [ LRq ] s attrname [ V attrvalue ] pathname

Next Generation Collaborative Reversing with Ida Pro and CollabREate. Chris Eagle and Tim Vidas Naval Postgraduate School

Middleware MAC for Android. Stephen Smalley Trusted Systems Research National Security Agency

RCU. ò Walk through two system calls in some detail. ò Open and read. ò Too much code to cover all FS system calls. ò 3 Cases for a dentry:

VFS, Continued. Don Porter CSE 506

Operating Systems. File Systems. Thomas Ropars.

European Lustre Workshop Paris, France September Hands on Lustre 2.x. Johann Lombardi. Principal Engineer Whamcloud, Inc Whamcloud, Inc.

Intel Enterprise Edition Lustre (IEEL-2.3) [DNE-1 enabled] on Dell MD Storage

Systems Programming. 09. Filesystem in USErspace (FUSE) Alexander Holupirek

1 / 23. CS 137: File Systems. General Filesystem Design

Today: Distributed File Systems. File System Basics

Virtual File System. Don Porter CSE 506

Lustre Capability DLD

Today: Distributed File Systems

The Case for Security Enhanced (SE) Android. Stephen Smalley Trusted Systems Research National Security Agency

Fan Yong; Zhang Jinghai. High Performance Data Division

An Exploration of New Hardware Features for Lustre. Nathan Rutman

Lustre HSM at Cambridge. Early user experience using Intel Lemur HSM agent

Hardware. Ahmet Burak Can Hacettepe University. Operating system. Applications programs. Users

CSE 486/586: Distributed Systems

Getting Memcached Secure. NEC OSS Promotion Center KaiGai Kohei

Operating System Security

Scalability Testing of DNE2 in Lustre 2.7 and Metadata Performance using Virtual Machines Tom Crowe, Nathan Lavender, Stephen Simms

Google Disk Farm. Early days

Protection Kevin Webb Swarthmore College April 19, 2018

1 / 22. CS 135: File Systems. General Filesystem Design

Cloud FastPath: Highly Secure Data Transfer

Outline. Operating System Security CS 239 Computer Security February 23, Introduction. Server Machines Vs. General Purpose Machines

T10PI End-to-End Data Integrity Protection for Lustre

Lock Ahead: Shared File Performance Improvements

Lustre overview and roadmap to Exascale computing

REST API Operations. 8.0 Release. 12/1/2015 Version 8.0.0

Outline. File Systems. File System Structure. CSCI 4061 Introduction to Operating Systems

Data life cycle monitoring using RoBinHood at scale. Gabriele Paciucci Solution Architect Bruno Faccini Senior Support Engineer September LAD

Lustre A Platform for Intelligent Scale-Out Storage

LUG 2012 From Lustre 2.1 to Lustre HSM IFERC (Rokkasho, Japan)

Architecting a High Performance Storage System

Lustre Client GSS with Linux Keyrings

Diagnosing Performance Issues in Cray ClusterStor Systems

Filename encoding. and case-insensitive filesystems. Gabriel Krisman Bertazi

RemoteWOL User Guide RemoteWOL WV0101 User Guide

Multi-Rail LNet for Lustre

Why I seldom file bugs against SELinux policy

ROEVER ENGINEERING COLLEGE DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING

Generalized File System Dependencies

Brennan IT. ServiceNow User Guide

Inode. Local filesystems. The operations defined for local filesystems are divided in two parts:

Lustre 2.12 and Beyond. Andreas Dilger, Whamcloud

RCU. ò Dozens of supported file systems. ò Independent layer from backing storage. ò And, of course, networked file system support

OCFS2 Mark Fasheh Oracle

Domain and Type Enforcement for Legacy File Systems. Robert Grimm

ò Server can crash or be disconnected ò Client can crash or be disconnected ò How to coordinate multiple clients accessing same file?

NFS. Don Porter CSE 506

The Challenges of XDP Hardware Offload

EI 338: Computer Systems Engineering (Operating Systems & Computer Architecture)

Distributed File Systems. CS 537 Lecture 15. Distributed File Systems. Transfer Model. Naming transparency 3/27/09

LustreFS and its ongoing Evolution for High Performance Computing and Data Analysis Solutions

ABSTRACT 2. BACKGROUND

Network File Systems

Transcription:

Status of SELinux support in Lustre 2017/05 DataDirect Networks, Inc. Sebastien Buisson sbuisson@

2 Status of SELinux support in Lustre LU-8956: security context at create Performance & correctness LU-9193: security context at lookup Atomicity LU-8955: Send SELinux policy info to server Kernel side SELinux enhancements Lustre side security awareness

3 LU-8956: security context at create SELinux-wise, atomicity of create addressed with patch: LU-5560 security: send file security context for creates Send file security context to MDT along with create RPC Close the insecure window between creation and setting of the security context

4 LU-8956: security context at create But patch needs to be improved: security context must be set on inode after create o Do not leave inode with uninitialized sec context o Avoid getxattr to fetch on-disk sec context New patch at: https://review.whamcloud.com/24426 Calls security_inode_notifysecctx() before d_instantiate(). Landed on Monday!

5 LU-8956: security context at create Performance improvement: Reduction of MDS-side contention

6 LU-9193: security context at lookup SELinux-wise, lookup operation not atomic ll_lookup_it sends request to MDS receives reply from MDS with PR lock granted ll_lookup_it_finish ll_splice_alias d_instantiate security_d_instantiate [ ] ll_getxattr(security.selinux) sends request to MDS now able to release PR lock

7 LU-9193: security context at lookup Client stat dir 1. lookup request 2. lookup reply + PR( dir ) lock granted MDS Client touch dir/filex P R 4. revoke PR( dir ) lock 5. getxattr(security.selinux) request 6. getxattr(security.selinux) reply 3. create request server thread waiting 7. PR( dir ) lock released 8. create reply + CW( dir ) lock granted C W

8 LU-9193: security context at lookup Client MDS stat dir 1. lookup request 2. lookup reply + PR( dir ) lock granted touch dir/filex P R 4. revoke PR( dir ) lock 5. getxattr(security.selinux) request 3. create request ALL server threads waiting

9 LU-9193: security context at lookup New patch, owner Bruno Faccini (Intel): https://review.whamcloud.com/26831 ll_lookup_it sends request to MDS receives reply from MDS with PR lock granted + sec ctx ll_lookup_it_finish security_inode_notifysecctx ll_splice_alias d_instantiate security_d_instantiate now able to release PR lock

10 LU-9193: security context at lookup P R Client stat dir 1. lookup request 2. lookup reply + PR( dir ) lock granted + security context 4. revoke PR( dir ) lock set security context MDS 3. create request ALL server threads waiting touch dir/filex 5. PR( dir ) lock released 6. create reply + CW( dir ) lock granted C W

11 LU-8955: Send SELinux policy info to server Distributed file systems specificity: Really need to make sure data is always accessed by nodes with SELinux policy properly enforced o Otherwise data is not protected, especially with SELinux MLS Retrieve SELinux status on client nodes Build a representation of policy s characteristics Send clients SELinux status to servers along with requests connect ldlm locks create - open - unlink - rename - getxattr - setxattr On servers, compare info received from clients with reference status stored into nodemap If they differ => Permission Denied

12 LU-8955: Send SELinux policy info to server Currently, kernel does not expose necessary information Most is only available via userspace commands or via /sys/fs/selinux/ Create a new Lustre usermode helper l_getsepol, writing back SELinux status to /proc/fs/lustre/<target>/srpc_sepol Usermode helper drawbacks Performance penalty! o Call only when policy changed Security flaw?

13 LU-8955: Send SELinux policy info to server Kernel side SELinux enhancements Compute a policy brief in SELinux kernel code: selinux(enforce=<0 or 1>:checkreqprot=<0 or 1>:<hashalg>=<checksum>) Update every time policy is modified. Add hook to expose policy brief to the rest of the kernel. Implement notifications to have hook called only when policy brief is updated. Usage on Lustre side policy brief used as SELinux status info sent from client to server.

14 LU-8955: Send SELinux policy info to server Kernel side SELinux enhancements Work on kernel patches is actively in progress. o Many different ideas from different maintainers Need Lustre Community push for o landing in upstream kernel Lustre being in staging is an obstacle Maintainers want to see Lustre code using the new SELinux hook o merge in CentOS/RH Lustre client s kernel cannot easily be patched at customer sites!

15 LU-8955: Send SELinux policy info to server Lustre side security awareness A lot of stuff happens on Lustre client after server s reply, eg:.atomic_open = ll_atomic_open ll_lookup_it sends req and receives reply from MDS ll_lookup_it_finish ll_splice_alias d_instantiate security_d_instantiate sets inode sec ctx finish_open do_dentry_open security_file_open applies policy on inode sec ctx.open = ll_file_open

16 LU-8955: Send SELinux policy info to server Lustre side security awareness A lot of stuff happens on Lustre client after server s reply. policy modified in the meantime.atomic_open = ll_atomic_open ll_lookup_it check SELinux status on server side ll_lookup_it_finish ll_splice_alias d_instantiate security_d_instantiate sets inode sec ctx finish_open do_dentry_open security_file_open applied policy is not the one checked before.open = ll_file_open

17 LU-8955: Send SELinux policy info to server Lustre side security awareness.atomic_open = ll_atomic_open ll_lookup_it sends req and receives reply from MDS ll_lookup_it_finish ll_splice_alias d_instantiate security_d_instantiate sets inode sec ctx finish_open do_dentry_open security_file_open applies policy on inode sec ctx.open = ll_file_open compare sequence of policy used in req with current if they differ call ll_invalidate_aliases() and return -EACCES

Thank You! Keep in touch with us Team-jpsales@ @ddn_limitless 102-0081 東京都千代田区四番町 6-2 東急番町ビル 8F TEL:03-3261-9101 FAX:03-3261-9140 company/datadirect-networks

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback