https://github.com/quark-zju/filterefs
filter filesystem using regular expressions
- Host: GitHub
- URL: https://github.com/quark-zju/filterefs
- Owner: quark-zju
- License: gpl-2.0
- Created: 2014-09-29T05:07:53.000Z (over 10 years ago)
- Default Branch: master
- Last Pushed: 2014-11-10T11:04:37.000Z (over 10 years ago)
- Last Synced: 2025-01-08T08:45:53.812Z (5 months ago)
- Language: C
- Size: 313 KB
- Stars: 1
- Watchers: 3
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: COPYING
README
filterefs
=========

`mount --bind / somewhere` with POSIX extended regular expression filters to control which files can be read and/or written.

filterefs tries to be efficient and simple.

Dependencies
------------

* fuse (>= 2.6, < 3.0)

Build
-----

Just run `make`.

The project uses `__attribute__((constructor))`, so you need a C compiler that supports it.

Usage
-----

Check `filterefs -h` for details. Here is a quick example:

```bash
$ cd /tmp

$ cat > ./readable <<'EOF'
/dev(/(full|null|urandom|random|zero))?
/(bin|lib|lib64|usr|tmp|etc|proc)(/.*)?
!/proc/1(/.*)?
EOF

$ cat > ./writable <<'EOF'
/tmp(/.*)?
!/tmp/abc
EOF

$ mkdir -p ./root
# `-o allow_other` is required for chroot to work
$ filterefs ./root -r ./readable -w ./writable -o allow_other

$ sudo chroot ./root /bin/sh
$ ls /
bin dev etc lib lib64 proc tmp usr

$ ls /dev
full null random urandom zero

# this is okay
$ touch /tmp/def

# these will fail
$ touch /tmp/abc
$ mv /tmp/def /tmp/abc
```

Notes
-----

The config files must NOT contain user-generated content.
filterefs does not verify every regular expression and is vulnerable to regular expression injection.

FUSE enforces `-o nodev,nosuid` for non-root users. If you want to use device files, run filterefs as root and add `-o dev`.

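
A pre-mount check for the rule files from the quick example, as an added example that is not part of filterefs: it compiles every rule with `regcomp` as a POSIX ERE, so a malformed expression is reported before mounting, and evaluates sample paths against the rule set. `rule_matches` and `path_allowed` are hypothetical helpers, and the matching model (a rule must match the whole path; a path is allowed when a plain rule matches and no `!` rule does) is an assumption inferred from the quick example, not taken from the filterefs source.

```c
#include <regex.h>
#include <stdio.h>
#include <string.h>

/* Rules copied from the README's quick example. */
static const char *READABLE[] = {
    "/dev(/(full|null|urandom|random|zero))?",
    "/(bin|lib|lib64|usr|tmp|etc|proc)(/.*)?",
    "!/proc/1(/.*)?", NULL };
static const char *WRITABLE[] = { "/tmp(/.*)?", "!/tmp/abc", NULL };

/* Hypothetical helper: 1 = rule matches, 0 = no match, -1 = invalid ERE.
 * ASSUMPTION: a rule must cover the whole path. POSIX leftmost-longest
 * matching means a match spanning [0, strlen(path)) is a full match. */
static int rule_matches(const char *rule, const char *path)
{
    regex_t re;
    regmatch_t span;
    if (regcomp(&re, rule, REG_EXTENDED) != 0)
        return -1;
    int hit = regexec(&re, path, 1, &span, 0) == 0 &&
              span.rm_so == 0 && (size_t)span.rm_eo == strlen(path);
    regfree(&re);
    return hit;
}

/* Hypothetical helper: 1 = allowed, 0 = denied, -1 = a rule is invalid.
 * ASSUMPTION: allowed = some plain rule matches and no '!' rule matches. */
static int path_allowed(const char **rules, const char *path)
{
    int allowed = 0, denied = 0;
    for (; *rules; rules++) {
        int neg = (*rules)[0] == '!';          /* leading '!' negates */
        int m = rule_matches(*rules + neg, path);
        if (m < 0) return -1;                  /* fail closed on a bad rule */
        if (m && neg) denied = 1;
        else if (m) allowed = 1;
    }
    return allowed && !denied;
}

int main(void)
{
    /* Constructed sample paths. */
    const char *probe[] = { "/tmp/def", "/tmp/abc", "/proc/1/status", "/dev/sda", NULL };
    for (int i = 0; probe[i]; i++)
        printf("%-16s r=%d w=%d\n", probe[i],
               path_allowed(READABLE, probe[i]), path_allowed(WRITABLE, probe[i]));
    return 0;
}
```
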
License
-------
GPL2.