CN101964035A - Linux operating system file safety system and electronic device - Google Patents


Publication number
CN101964035A
Authority
CN
China
Prior art keywords
space
file system
user
local file
layer unit
Legal status
Pending
Application number
CN 201010502755
Other languages
Chinese (zh)
Inventor
高怀恩
陈国源
邵彦生
丁宏
Current Assignee
Shenzhen Skyworth RGB Electronics Co Ltd
Original Assignee
Shenzhen Skyworth RGB Electronics Co Ltd

Abstract

The invention applies to the field of computer software and provides a Linux operating system file safety system and an electronic device. The system comprises a virtual file system, a local file system, and a logic layer unit located between the virtual file system and the local file system, which divides the local file system into a user space and a system space. The system space holds the read-only local file system in which the operating system is installed; the user space holds the read-write local file system that stores any change made to the operating system. By adding a logic layer unit between the virtual file system and the local file system, the embodiment of the invention confines the operating system to a read-only system space, so that the original state of the operating system is easy to recover; the workload of system maintenance is thereby greatly reduced and the security of the system is protected to the greatest extent. The logic layer unit allows the safety system to be implemented without affecting normal use by the user.

Description

A Linux operating system file safety system and electronic device
Technical field
The invention belongs to the field of computer software, and in particular relates to a Linux operating system file safety system and an electronic device.
Background art
The file system is one of the core subsystems of the Linux operating system. It organizes and manages the data stored on various media and is the standard interface, and also the only interface, through which users access that data, so its importance is self-evident. Ensuring that the file system is safe and reliable, and that it withstands external malicious attacks and user misoperation, is of great significance for achieving a safe and reliable running environment. To date, however, there has been no system that maintains the security of the Linux operating system by maintaining file system security without affecting normal use by the user.
Summary of the invention
The purpose of the embodiments of the invention is to provide a Linux operating system file safety system, intended to solve the problem of maintaining the security of the Linux operating system by maintaining file system security.
The embodiments of the invention are implemented as a Linux operating system file safety system, the system comprising:
a virtual file system;
a local file system; and
a logic layer unit, located between the virtual file system and the local file system, which divides the local file system into a user space and a system space, where the system space is the read-only local file system in which the operating system is installed, and the user space is the read-write local file system that stores any modification made to the operating system.
Another purpose of the embodiments of the invention is to provide an electronic device comprising the Linux operating system file safety system.
By adding the logic layer unit between the virtual file system and the local file system, the embodiments of the invention confine the operating system to a read-only system space and isolate system space and user space from each other, so that when the system encounters errors or even crashes, the original state of the operating system can be restored easily. This reduces the workload of system maintenance to a minimum and protects the security of the system to the greatest extent. The logic layer unit allows this safety system to be implemented without affecting normal use by the user.
Description of drawings
Fig. 1 is a schematic diagram of the file safety system provided by an embodiment of the invention;
Fig. 2 is a schematic structural diagram of the logic layer unit SecureFS provided by an embodiment of the invention.
Specific embodiments
To make the purpose, technical solution and advantages of the invention clearer, the invention is described in further detail below with reference to the drawings and embodiments. It should be understood that the specific embodiments described here only explain the invention and do not limit it.
By adding a logic layer unit between the virtual file system and the local file system, the embodiments of the invention confine the operating system to a read-only system space and isolate system space and user space from each other, thereby maintaining the security of the operating system. Adding the logic layer unit allows the system to be implemented without affecting normal use by the user.
The embodiments of the invention provide a Linux operating system file safety system.
The system comprises:
a virtual file system;
a local file system; and
a logic layer unit, located between the virtual file system and the local file system, which divides the local file system into a user space and a system space, where the system space is the read-only local file system in which the operating system is installed, and the user space is the read-write local file system that stores any modification made to the operating system.
The technical solution of the invention is described below through specific embodiments.
Embodiment one:
Fig. 1 shows the structure of the Linux operating system file safety system provided by an embodiment of the invention; for ease of explanation, only the parts relevant to the embodiment are shown. The file safety system may be a software unit, a hardware unit, or a unit combining software and hardware built into electronic devices based on the Linux operating system, such as set-top boxes and digital televisions, or it may be integrated as an independent plug-in into these devices or into the application systems of these devices. It comprises:
a virtual file system 11, a local file system 13, and the logic layer unit SecureFS 12 located between the virtual file system 11 and the local file system 13. The logic layer unit SecureFS 12 divides the local file system 13 into a system space 14 and a user space 15.
The virtual file system 11 is an interface layer between the local file system and services. It abstracts all the details of each Linux file system, so that different file systems appear identical to the Linux kernel and to the other processes running in the system.
The logic layer unit SecureFS 12 is a logic layer unit between the virtual file system and the local file system. From the point of view of the virtual file system, SecureFS is equivalent to a local file system: it provides the same interface as a local file system for connecting to the virtual file system. From the point of view of the local file system, SecureFS is equivalent to a virtual file system: it provides the same functions as the virtual file system and combines the local file systems with each other.
The local file system 13 is divided by the logic layer unit SecureFS into user space and system space.
The system space 14 is the read-only local file system in which the operating system is installed.
The user space 15 is the read-write local file system that stores any modification made to the operating system.
In the embodiments of the invention, the system space is read-only and the user space is read-write. Once the operating system is installed in the system space, its original state is preserved at all times, and any modification made to the operating system is saved in the user space. In this way, when the system encounters errors or even crashes, the original state of the operating system can be restored by deleting certain files in the user space. The workload of system maintenance is reduced to a minimum, and the security and reliability of the system are protected to the greatest extent.
Embodiment two:
Fig. 2 shows the internal structure of the logic layer unit SecureFS proposed by an embodiment of the invention.
It comprises a directory tree merge module 21, a priority module 22, a deletion module 23 and an atomicity module 24.
The directory tree merge module 21, at system start-up, merges the file system directory trees of system space and user space into one complete directory tree and adds it to the virtual file system. From the user's point of view, the whole system then looks as if it were stored in a single partition whose file system type is SecureFS, so normal use by the user is not affected.
The priority module 22 sets the priority of user space and system space.
In the embodiments of the invention, the system space is read-only, so the files in system space cannot be modified. If an operating system file is modified, a copy of that file must therefore be saved in user space. The same directory location in system space and user space may then hold files with the same name but different contents, which creates a duplicate-file problem.
For example: if the user modifies the content of the system file /etc/profile, a copy of the new file must be saved in user space, and /etc/profile then exists in both system space and user space. If the priority module sets the priority of user space higher than that of system space, only the file version in user space is selected, and the duplication of the file in system space and user space causes no problem.
The deletion module 23 achieves the effect of deleting a file in system space by creating a shield file in user space.
In the embodiments of the invention, the system space is read-only, so files in system space cannot be deleted. When a file in system space needs to be deleted, a shield file is created in user space to mask that file in system space; the path of the shield file in user space matches the path of the file in system space.
For example: the file to delete is /etc/profile, and it exists in system space. A shield file /etc/_removed_profile is then created in user space to mark /etc/profile in system space as deleted. When the system performs a lookup and encounters the _removed_profile file, it skips the lookup of the corresponding file profile in system space.
The atomicity module 24 keeps the system's operations atomic by choosing the correct order of operations.
In the embodiments of the invention, an operation may involve both local file systems, system space and user space, at the same time. If the operation succeeds only in part, the system ends up in an inconsistent state. The atomicity of the system's operations therefore has to be kept by choosing the correct order of operations.
For example: in a delete operation, the system needs to delete the file profile, which exists in both system space and user space. If the delete operation first deletes the profile file in user space and only then creates the shield file _removed_profile, then until creation of the _removed_profile file has completed, the profile file in system space is not yet shielded, and the system is in an inconsistent state during that time. If the delete operation instead creates the shield file _removed_profile first and then deletes the profile file in user space, this problem does not occur.
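The lookup priority, shield file and delete ordering described above for the priority, deletion and atomicity modules, modelled in user space as an added example (not code from the patent). Two ordinary directories stand in for system space and user space, all function names are assumptions, and the `_removed_` prefix follows the page's /etc/profile example.

```python
# Added example: user-space model of the SecureFS rules; function names are assumptions.
import os
import tempfile

SHIELD_PREFIX = "_removed_"  # shield-file naming from the page's /etc/profile example

def shield_path(user_root, rel):
    """Shield file that masks `rel` (e.g. etc/profile): same directory, prefixed name."""
    head, name = os.path.split(rel)
    return os.path.join(user_root, head, SHIELD_PREFIX + name)

def lookup(system_root, user_root, rel):
    """Resolve `rel` in the merged tree; return the backing path or None."""
    user_copy = os.path.join(user_root, rel)
    if os.path.lexists(user_copy):
        return user_copy                      # user space has priority
    if os.path.lexists(shield_path(user_root, rel)):
        return None                           # shield masks the system copy
    system_copy = os.path.join(system_root, rel)
    return system_copy if os.path.lexists(system_copy) else None

def read_merged(system_root, user_root, rel):
    """Content a user would see for `rel`, or None if the file is absent."""
    hit = lookup(system_root, user_root, rel)
    if hit is None:
        return None
    with open(hit) as fh:
        return fh.read()

def write(user_root, rel, data):
    """Every modification lands in user space; system space is never written."""
    target = os.path.join(user_root, rel)
    os.makedirs(os.path.dirname(target), exist_ok=True)
    with open(target, "w") as fh:
        fh.write(data)

def delete(system_root, user_root, rel, shield_first=True, stop_after_first=False):
    """Delete `rel` from the merged view in two steps; optionally stop after step one."""
    def make_shield():
        if os.path.lexists(os.path.join(system_root, rel)):
            sp = shield_path(user_root, rel)
            os.makedirs(os.path.dirname(sp), exist_ok=True)
            open(sp, "w").close()

    def drop_user_copy():
        if os.path.lexists(os.path.join(user_root, rel)):
            os.unlink(os.path.join(user_root, rel))

    steps = [make_shield, drop_user_copy] if shield_first else [drop_user_copy, make_shield]
    steps[0]()
    if not stop_after_first:
        steps[1]()

def interrupted_delete(shield_first):
    """Constructed trees: modify etc/profile, interrupt its deletion, report what is visible."""
    with tempfile.TemporaryDirectory() as tmp:
        system_root, user_root = os.path.join(tmp, "system"), os.path.join(tmp, "user")
        os.makedirs(os.path.join(system_root, "etc"))
        with open(os.path.join(system_root, "etc", "profile"), "w") as fh:
            fh.write("factory")               # stands in for the read-only OS image
        write(user_root, "etc/profile", "modified")
        delete(system_root, user_root, "etc/profile", shield_first, stop_after_first=True)
        return read_merged(system_root, user_root, "etc/profile")
```

With the shield created first, an interrupted delete still shows the user's modified file; with the user copy removed first, the original system file becomes visible again until the shield exists.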
By adding the logic layer unit between the virtual file system and the local file system, the embodiments of the invention confine the operating system to a read-only system space and isolate system space and user space from each other, so that when the system encounters errors or even crashes, the original state of the operating system can be restored easily. This reduces the workload of system maintenance to a minimum and protects the security of the system to the greatest extent. The logic layer unit allows this safety system to be implemented without affecting normal use by the user.
The above are only preferred embodiments of the invention and do not limit it. Any modification, equivalent replacement or improvement made within the spirit and principles of the invention shall fall within the scope of protection of the invention.

Claims (8)

1. A Linux operating system file safety system, characterized in that the system comprises:
a virtual file system;
a local file system; and
a logic layer unit, located between the virtual file system and the local file system, which divides the local file system into a user space and a system space, where the system space is the read-only local file system in which the operating system is installed, and the user space is the read-write local file system that stores any modification made to the operating system.
2. The device as claimed in claim 1, characterized in that the logic layer unit provides the same interface as a local file system for connecting to the virtual file system.
3. The device as claimed in claim 1, characterized in that the logic layer unit provides the same functions as the virtual file system and combines the local file systems with each other.
4. The device as claimed in claim 1, characterized in that the logic layer unit comprises:
a directory tree merge module, used at system start-up to merge the file system directory trees of the system space and the user space into one complete directory tree and add it to the virtual file system.
5. The device as claimed in claims 1 to 4, characterized in that the logic layer unit further comprises:
a priority module, used to set the priority of user space and system space.
6. The device as claimed in claims 1 to 4, characterized in that the logic layer unit further comprises:
a deletion module, which achieves the effect of deleting a file in system space by creating a shield file in user space.
7. The device as claimed in claims 1 to 4, characterized in that the logic layer unit further comprises:
an atomicity module, which keeps the system's operations atomic by choosing the correct order of operations.
8. An electronic device, characterized in that the system comprises the Linux operating system file safety system of any one of claims 1 to 7.
CN 201010502755 2010-10-11 2010-10-11 Linux operating system file safety system and electronic device Pending CN101964035A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 201010502755 CN101964035A (en) 2010-10-11 2010-10-11 Linux operating system file safety system and electronic device

Publications (1)

Publication Number Publication Date
CN101964035A true CN101964035A (en) 2011-02-02

Family

ID=43516902

Country Status (1)

Country Link
CN (1) CN101964035A (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C12 Rejection of a patent application after its publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20110202