Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/dimkr/luufs

Lazy man's, user-mode union file system
https://github.com/dimkr/luufs

c files filesystem fuse security

Last synced: 17 days ago
JSON representation

Lazy man's, user-mode union file system

Host: GitHub
URL: https://github.com/dimkr/luufs
Owner: dimkr
License: mit
Created: 2014-01-10T22:58:58.000Z (almost 11 years ago)
Default Branch: master
Last Pushed: 2015-08-21T11:59:42.000Z (about 9 years ago)
Last Synced: 2024-10-03T12:45:02.477Z (about 1 month ago)
Topics: c, files, filesystem, fuse, security
Language: C
Homepage: http://rlsd2.dimakrasner.com
Size: 274 KB
Stars: 31
Watchers: 3
Forks: 6
Open Issues: 2
Metadata Files:
- Readme: README
- License: COPYING

Awesome Lists containing this project

README

         _              __

| |_   _ _   _ / _|___

| | | | | | | | |_/ __|

| | |_| | |_| |  _\__ \

|_|\__,_|\__,_|_| |___/

Overview

========

luufs is a lazy man's, user-mode union file system.

It takes two directories and creates a magical directory which shows their

unified contents.

luufs is a "compile once, run anywhere" alternative for Aufs

(http://aufs.sourceforge.net/) and Unionfs (http://unionfs.filesystems.org/),

implemented in user-mode via FUSE (http://fuse.sourceforge.net/).

However, luufs is very simple, so it does not fit in all use cases of more

complex union file systems. It operates according to three rules:

  1) The first directory is read-only and the second one is writeable. New files

     are created under the writeable directory, but read from both directories.

  2) If a file exists under both directories, the one under the read-only

     directory is preferred. This improves security, as files (e.g /bin/login)

     cannot be overwritten using external access to the writeable directory.

  3) Non-root processes cannot open new file descriptors via luufs (e.g open

     files), but can use existing file descriptors.

Therefore, luufs can be used to secure servers: they can be trapped under a

luufs mount point (using chroot), with a writeable directory mounted with the

MS_NOEXEC and MS_NODEV flags.

In addition, luufs has a read-only mirroring mode, in which a directory is

mirrored and changes are disallowed. It is similar to a bind mount, but may be

read-only even if the specified directory is writable.

Legal Information

=================

luufs is licensed under the MIT license, see COPYING for the license

text. For a list of its authors and contributors, see AUTHORS.

The ASCII art logo at the top was made using FIGlet (http://www.figlet.org/).