fedir/ICFS
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Updated readme

Browse Source
This commit is contained in:
fedir 2025-05-23 20:52:27 +02:00
parent 22cb958b4f
commit 2f4f1a0a56
Signed by: fedir
GPG Key ID: C959EE85F0C9362C
2 changed files with 38 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
README.md
View File

@ -32,7 +32,9 @@ Traditional access control mechanisms in operating systems allow the same level
## Usage
```
icfs <FUSE arguments> [target directory] [path to permanent permission database]
Usage: icfs <FUSE arguments> [target directory] [path to the permanent permissions database] <ICFS arguments>
--no-grant-on-create - do not give any access permissions on file creation(incompatible with --perm-on-create)
--perm-on-create - automatically give permanent access permission to files a process creates (incompatible with --no-grant-on-create)
```
The filesystem will be mounted over the target directory, and ask user permission every time a file in that directory is opened. We highly recommend adding `-o default_permissions` to increase performance and add an additional security layer. If you have installed icfs along with `/etc/icfs` folder, you can create your permanent permission databases in this folder (you might want to do this, if your home folder does not have the "execute" permission for other users).
@ -47,6 +49,30 @@ env PATH="$(realpath ./build):$PATH" build/icfs <FUSE arguments> [target directo
The `env PATH="$(realpath ./build):$PATH"` adds the access dialogue program to PATH, allowing ICFS to call it seamlessly.
#### Running tests
ICFS includes a testing script in the `test` directory.
You can run it **from `test` directory** by running:
```
./test.bash
```
All testing artifacts will be available in the appropriate folders after run. To test setuid capabilities too (**from `test` directory!!!**):
```
./test.bash --setuid
```
You can also test performance by adding `--performance` (**from `test` directory!!!**):
```
./test.bash --performance
```
***Important:*** **flags cannot be combined together (e.g. you can't add `--performance` and `--setuid`)**
## Docs
- [Initial idea and motivation](./docs/bc-thesis-idea.md)
@ -55,6 +81,6 @@ The `env PATH="$(realpath ./build):$PATH"` adds the access dialogue program to P
## Credit
_Student:_ Fedir Kovalov
*Student:* Fedir Kovalov
_Supervisor:_ RNDr. Jaroslav Janáček, PhD.
*Supervisor:* RNDr. Jaroslav Janáček, PhD.

18
src/main.c
View File

@ -31,27 +31,27 @@ int main(int argc, char *argv[]) {
if (argc < 3) {
fprintf(stderr, "Usage: icfs <FUSE arguments> [target directory] [path to "
"the permanent permissions database] <ICFS "
"arguments>\n\t--no-perm-on-create - do not give any "
"arguments>\n\t--no-grant-on-create - do not give any "
"access permissions on file creation"
"(incompatible with --temp-on-create)\n\t--perm-on-create "
"(incompatible with --perm-on-create)\n\t--perm-on-create "
"- automatically give permanent access permission to files "
"a process creates "
"(incompatible with --no-perm-on-create)\n");
"(incompatible with --no-grant-on-create)\n");
return EXIT_FAILURE;
}
if ((0 == strcmp(argv[argc - 1], "--no-perm-on-create") &&
if ((0 == strcmp(argv[argc - 1], "--no-grant-on-create") &&
0 == strcmp(argv[argc - 2], "--temp-on-create")) ||
(0 == strcmp(argv[argc - 2], "--no-perm-on-create") &&
(0 == strcmp(argv[argc - 2], "--no-grant-on-create") &&
0 == strcmp(argv[argc - 1], "--temp-on-create"))) {
fprintf(stderr, "Usage: icfs <FUSE arguments> [target directory] [path to "
"the permanent permissions database] <ICFS "
"arguments>\n\t--no-perm-on-create - do not give any "
"arguments>\n\t--no-grant-on-create - do not give any "
"access permissions on file creation"
"(incompatible with --temp-on-create)\n\t--perm-on-create "
"(incompatible with --perm-on-create)\n\t--perm-on-create "
"- automatically give permanent access permission to files "
"a process creates "
"(incompatible with --no-perm-on-create)\n");
"(incompatible with --no-grant-on-create)\n");
return EXIT_FAILURE;
}
@ -59,7 +59,7 @@ int main(int argc, char *argv[]) {
// permissions than it's caller reqested
umask(0);
if (0 == strcmp(argv[argc - 1], "--no-perm-on-create")) {
if (0 == strcmp(argv[argc - 1], "--no-grant-on-create")) {
set_auto_create_perm(0);
argc--;
}