[Dazuko-devel] Re: Future of dazuko..
From: John Ogness
Subject: [Dazuko-devel] Re: Future of dazuko..
Date: Mon, 02 May 2005 12:52:09 +0200
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.3) Gecko/20040913
Jinu Mathew Joy wrote:
> Basically we want to have a peep at Dazuko's roadmap and there is no
> better person to answer this than you!
Hi,
The 2.1.0 version of Dazuko is currently available as a pre-release. This new
version has many dramatic changes to Dazuko over the 2.0.x version. Some of
these include:
1. added abstraction layer to the userspace side
This makes it possible to port Dazuko to many other platforms (such as DOS
and Windows).
2. no longer uses an internal list of "open files"
This takes care of all reported memory leak issues, increases speed, and
increases event reliability. The internal list was used to be able to
correctly identify "close" events. But a much more accurate and efficient
method has been implemented for 2.1.0.
3. new "Trusted Application Framework"
This allows non-registered applications to be trusted by the Dazuko system.
This is particularly useful for anti-virus scanners, where the scanning
process is not the same process/thread as the registered process.
4. allowing "exec" events without causing kernel re-entrance
Before 2.1.0 if a registered application called an exec(), this caused an
EXEC event to be generated and sent to the registered process. This
"recursive" event could cause problems with applications not aware of this.
With 2.1.0 the event is not generated for that application's group (it is
still generated for the other groups). Applications no longer have to be
afraid of calling functions that generated events (that they must handle).
5. separate configuration for each group
Before 2.1.0 all registered applications shared the same set of
include/exclude paths and access mask. With 2.1.0 each group has their own
set of configurations.
6. caching interface available
2.1.0 extends the interface to support systems that cache events (to reduce
context switches). Currently only RSBAC systems support this feature.
7. 32/64-bit compatibility
2.1.0 will be able to support 64-bit kernels talking to 32-bit applications.
As you can see, 2.1.0 offers many significant changes over 2.0.x. During the
2.1.x cycle, there will be only bug fixes and optimizations. Big
feature/structure changes occur only during major release changes (for
example, from 2.1.x to 2.2.0). It is planned that 2.1.0 becomes the official
stable version sometime in June 2005.
Some work has also begun on 2.2.0. At the moment there are 2 major items on
that list:
1. based on DazukoFS
Before 2.2.0 Dazuko is based on the system call table. Although effective,
this implementation is frowned upon by many security experts. Dazuko is
"hooking" the system call table to hijack events. For 2.2.0 Dazuko will be
moved deeper into the kernel (to the VFS layer). There it will work as a
stackable filesystem. This guarantees that Dazuko can capture all events and
also is the preferred method recommended by security experts. However, this
is a big change, which will cause the "meaning" of events to change
slightly. It will also mean that an administrator must use a completely
different procedure for setting up Dazuko (mounting a stackable filesystem).
The Dazuko-based applications themselves will not need to be changed. (A
stackable filesystem should also allow Dazuko to work together with SELinux
or AppArmor without any issues.)
2. fine-grained masking
Before 2.2.0 applications could use include/exclude paths and an access mask
to define what type of events they are interested in. For 2.2.0 it is
planned to actually use the dazuko_event object itself to define
interesting events. This would allow an application to specify things like:
"I am interested in open events, from user 1004, in directory /home/user,
that are owned by user 0". It is still being decided if regular expressions
and number ranges are going to be permitted.
Because of these major changes, prereleases for 2.2.0 should start showing up
really early (sometime in June 2005). A stable version is planned for
February 2006 (although this date might be a bit optimistic).
There are other items that are planned, but they are of much less
significance and will probably show up sometime during the 2.1.x releases.
Right now most of the efforts are going into getting 2.1.0 finished. At that
point it will be easier to define a clearer roadmap for 2.1.x and 2.2.0.
John Ogness
P.S. I have CC'd this to dazuko-devel because it contains a lot of
information that I am sure is interesting to the Dazuko development community.
--
Dazuko Maintainer