Virtual file systems in Linux: why are they needed and how do they work? Part 2

Hello everyone, we are sharing with you the second part of the publication "Virtual file systems in Linux: why are they needed and how do they work?" You can read the first part here. As a reminder, this series of publications is timed to coincide with the launch of a new stream of the "Linux Administrator" course, which starts very soon.

How to observe VFS using eBPF and the bcc tools

The easiest way to understand how the kernel operates on sysfs files is to watch it in action, and the easiest way to watch it on ARM64 is to use eBPF. eBPF (short for Berkeley Packet Filter) consists of a virtual machine running inside the kernel that privileged users can query from the command line. The kernel sources tell the reader what the kernel can do; running eBPF tools on a booted system shows what the kernel is actually doing.

Fortunately, getting started with eBPF is easy with the help of the bcc tools, which are available as packages from the general Linux distributions and are documented in detail by Brendan Gregg. The bcc tools are Python scripts with small embedded snippets of C code, which means that anyone who knows both languages can easily modify them. There are 80 Python scripts in bcc/tools, which means that a developer or system administrator will most likely be able to pick something suitable for solving a given problem.
To get at least a rough idea of what work VFSes do on a running system, try vfscount or vfsstat. They will show, say, that many calls to vfs_open() and "its friends" happen every single second.

vfsstat.py is a Python script with embedded C code that simply counts VFS function calls.

Let's take a less trivial example and see what happens when we insert a USB flash drive into a computer and the system detects it.

Using eBPF you can see what happens in /sys when a USB flash drive is inserted. A simple example and a complex one are shown here.

In the example shown above, the bcc tool trace.py prints a message when sysfs_create_files() is executed. We see that sysfs_create_files() was started by a kworker thread in response to the flash drive being inserted, but which file was created? The second example shows the power of eBPF. Here trace.py prints a kernel backtrace (the -K option) and the name of the file created by sysfs_create_files(). The single-statement insert is C code that includes an easily recognizable format string, supplied by the Python script, which runs the LLVM just-in-time compiler. It compiles this line and executes it in a virtual machine inside the kernel. The full function signature of sysfs_create_files() must be reproduced in the second command so that the format string can refer to one of the parameters. Mistakes in this snippet of C code produce recognizable errors from the C compiler. For example, if the -I parameter is omitted, you will see "Failed to compile BPF text." Developers who know C and Python will find the bcc tools easy to extend and modify.

When the USB drive is inserted, the kernel backtrace shows that PID 7711 is a kworker thread that created the file "events" in sysfs. Accordingly, tracing sysfs_remove_files() will show that removing the drive caused the events file to be removed. At the same time, watching sysfs_create_link() with eBPF while inserting the USB drive shows that about 48 symbolic links are created.

So what is the purpose of the events file? Using cscope to search for __device_add_disk() shows that it calls disk_add_events(), and that either "media_change" or "eject_request" can be written to the events file. Here the kernel block layer informs userspace that a "disk" has appeared and been ejected. Note how informative this method of investigation, inserting a USB drive, is compared with trying to work out how things function purely from the source.

Read-only root file systems make embedded devices possible

Of course, nobody shuts down a server or their computer by pulling the plug out of the socket. But why? Because mounted file systems on physical storage devices may have lagging writes, and the data structures that record their state may not be synchronized with what has been written to storage. When this happens, system owners have to wait until the next boot to run the fsck filesystem-recovery utility and, in the worst case, lose data.

However, we all know that many IoT devices, as well as routers, thermostats and cars, now run Linux. Many of these devices have little or no user interface, and there is no way to shut them down "cleanly". Imagine starting a car with a dead battery, when power to the control unit running Linux keeps jumping up and down. How does the system boot without a long fsck when the engine finally starts running? The answer is simple. Embedded devices rely on a read-only root file system (abbreviated ro-rootfs (read-only root filesystem)).

ro-rootfs offers many benefits that are less obvious than incorruptibility. One advantage is that malware cannot write to /usr or /lib if no Linux process can write there. Another is that a largely immutable file system is critical for field support of remote devices, since support personnel rely on local systems that are nominally identical to the systems in the field. Perhaps the most important (but also the most subtle) benefit is that ro-rootfs forces developers to decide, at the system design stage, which system objects will be immutable. Working with ro-rootfs can be awkward and painful, as const variables often are in programming languages, but the benefits easily justify the extra overhead.

Creating a read-only rootfs requires some extra effort from embedded developers, and this is where VFS comes into the picture. Linux requires files in /var to be writable, and in addition, many popular applications that run on embedded systems will try to create configuration dot-files in $HOME. One solution for configuration files in the home directory is usually to generate them in advance and build them into the rootfs. For /var, one possible approach is to mount it on a separate writable partition, while / itself is mounted read-only. Another popular alternative is to use bind or overlay mounts.

Bind and overlay mounts, and their use by containers

Running the command man mount is the best way to learn about bind and overlay mounts, which give developers and system administrators the ability to create a file system at one path and then expose it to applications at another. For embedded systems, this means being able to store the files in /var on a read-only flash drive, while an overlay or bind mount of a path from tmpfs onto /var at boot lets applications write notes there (scrawl). At the next power-on, the changes to /var will be lost. An overlay mount creates a union between tmpfs and the underlying file system and allows you to make apparent changes to existing files in the ro-rootfs, whereas a bind mount can make new, empty tmpfs directories appear writable at ro-rootfs paths. While overlayfs is a proper file system type, a bind mount is implemented in the VFS namespace.
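The layout described in the last two sections (read-only /, with /var and friends made writable through tmpfs, bind or overlay mounts) can be checked from the mount table. The following is an added example, not code from the original article: the sample table is constructed in /proc/self/mountinfo format, the device names and paths in it are assumptions, and treating a non-"/" root field as a bind mount is a heuristic.

```python
# Constructed sample in /proc/self/mountinfo format (not captured from a real device).
SAMPLE_MOUNTINFO = """\
20 1 179:2 / / ro,relatime shared:1 - ext4 /dev/mmcblk0p2 ro
21 20 0:5 / /proc rw,nosuid,nodev,noexec shared:2 - proc proc rw
22 20 0:18 / /var rw,nosuid,nodev shared:3 - tmpfs tmpfs rw,size=65536k
23 20 0:40 / /etc rw,relatime shared:4 - overlay overlay rw,lowerdir=/etc,upperdir=/run/etc/upper,workdir=/run/etc/work
24 20 0:18 /home /home rw,nosuid,nodev shared:3 - tmpfs tmpfs rw,size=65536k
25 20 179:3 / /data rw,relatime shared:5 - ext4 /dev/mmcblk0p3 rw
"""

VOLATILE_FS = {"tmpfs", "ramfs"}            # contents vanish at power-off
PSEUDO_FS = {"proc", "sysfs", "devtmpfs"}   # kernel interfaces, not storage

def parse_mountinfo(text):
    """Split each line at the ' - ' separator and pick out the fields we audit."""
    mounts = []
    for line in text.splitlines():
        if not line.strip():
            continue
        left, right = line.split(" - ", 1)
        fields = left.split()
        fstype, source, _super_opts = right.split(" ", 2)
        mounts.append({
            "root": fields[3], "mount_point": fields[4],
            "options": set(fields[5].split(",")),
            "fstype": fstype, "source": source,
            # Heuristic: a subtree of another file system mounted here is a bind mount.
            "bind": fields[3] != "/",
        })
    return mounts

def audit(mounts):
    """Report whether / is read-only and how each writable location is backed."""
    report = {"root_read_only": False, "writable": {}}
    for m in mounts:
        if m["mount_point"] == "/":
            report["root_read_only"] = "ro" in m["options"]
        if "rw" not in m["options"] or m["fstype"] in PSEUDO_FS:
            continue
        if m["fstype"] == "overlay":
            kind = "overlay"
        elif m["fstype"] in VOLATILE_FS:
            kind = "bind-from-tmpfs" if m["bind"] else "tmpfs"
        else:
            kind = "persistent"  # survives reboot: the place malware could persist
        report["writable"][m["mount_point"]] = kind
    return report

if __name__ == "__main__":
    print(audit(parse_mountinfo(SAMPLE_MOUNTINFO)))
```

On a live system, pass the contents of /proc/self/mountinfo to parse_mountinfo() instead of the sample; every "persistent" entry is a writable location that outlives a power cycle and deserves review.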

Given this description of overlay and bind mounts, no one will be surprised that Linux containers make heavy use of them. Let's see what happens when we use systemd-nspawn to run a container, using the mountsnoop tool from bcc.

The systemd-nspawn call starts the container while mountsnoop.py is running.

Let's see what happened:

Running mountsnoop while the container is "booting" shows that the container runtime depends heavily on bind mounts (only the beginning of the lengthy output is shown).

Here systemd-nspawn provides selected files from the host's procfs and sysfs to the container as paths into its rootfs. Besides the MS_BIND flag, which sets up the bind mount, some of the other flags on the mount define the relationship between changes in the host's and the container's namespaces. For example, a bind mount can either propagate changes in /proc and /sys into the container, or hide them, depending on the call.
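To read such output, it helps to separate MS_BIND from the propagation flags that decide whether mount changes cross between host and container. The following is an added example, not code from the original article or from bcc: the lines are constructed in the style of mountsnoop's CALL column, and the container path /var/lib/machines/demo is hypothetical.

```python
import re

# Constructed lines modelled on the CALL column of mountsnoop output (not a real capture).
SAMPLE_CALLS = [
    'mount("/", "/", "", MS_REC|MS_SLAVE, "") = 0',
    'mount("/var/lib/machines/demo", "/var/lib/machines/demo", "", MS_BIND|MS_REC, "") = 0',
    'mount("proc", "/var/lib/machines/demo/proc", "proc", MS_NOSUID|MS_NODEV|MS_NOEXEC, "") = 0',
    'mount("/proc/sys", "/var/lib/machines/demo/proc/sys", "", MS_BIND, "") = 0',
    'mount("", "/var/lib/machines/demo/proc/sys", "", '
    'MS_RDONLY|MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_BIND, "") = 0',
    'mount("", "/var/lib/machines/demo", "", MS_REC|MS_SHARED, "") = 0',
]

CALL_RE = re.compile(r'mount\("(?P<src>[^"]*)", "(?P<dst>[^"]*)", "(?P<fs>[^"]*)", '
                     r'(?P<flags>[A-Z_|0-9x]+), "[^"]*"\) = (?P<ret>-?\d+)')

# Effect of each propagation flag, as documented in mount_namespaces(7).
PROPAGATION = {
    "MS_SHARED": "mount events propagate in both directions",
    "MS_SLAVE": "receives mount events from its master, sends none back",
    "MS_PRIVATE": "no mount events cross in either direction",
    "MS_UNBINDABLE": "private, and cannot itself be bind mounted",
}

def classify(call):
    """Turn one mount() line into its kind, its effect and whether it is recursive."""
    m = CALL_RE.search(call)
    if not m:
        return None  # not a mount() line, e.g. umount()
    flags = set(m["flags"].split("|"))
    prop = sorted(flags & set(PROPAGATION))
    if prop:
        kind, effect = "propagation:" + prop[0][3:].lower(), PROPAGATION[prop[0]]
    elif {"MS_BIND", "MS_REMOUNT"} <= flags:
        kind = "bind-remount-ro" if "MS_RDONLY" in flags else "bind-remount"
        effect = "changes the flags of an existing bind mount"
    elif "MS_BIND" in flags:
        kind, effect = "bind", "exposes an existing tree at a second path"
    else:
        kind, effect = "new:" + m["fs"], "mounts a new file system instance"
    return {"target": m["dst"], "kind": kind, "effect": effect,
            "recursive": "MS_REC" in flags}

if __name__ == "__main__":
    for line in SAMPLE_CALLS:
        print(classify(line))
```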

Conclusion

Understanding the inner workings of Linux can seem like an impossible task, since the kernel itself contains a huge amount of code, leaving aside Linux userspace applications and the system call interfaces in C libraries such as glibc. One way to make progress is to read the source code of one kernel subsystem, with an emphasis on understanding the userspace-facing system calls and headers, as well as the main internal kernel interfaces, such as the file_operations table. File operations are what make the "everything is a file" principle work, which makes them particularly pleasant to deal with. The kernel C source files in the top-level fs/ directory contain the implementation of virtual file systems, which are the wrapper layer that provides broad and relatively simple compatibility between popular file systems and storage devices. Bind and overlay mounts via Linux namespaces are the VFS magic that makes read-only containers and root file systems possible. Combined with study of the source code, the eBPF kernel facility and its bcc interface make probing the kernel easier than ever before.

Friends, write to us: was this article useful to you? Perhaps you have comments or remarks? And those who are interested in the Linux Administrator course are invited to the Open Day, which will take place on April 18.

The first part.

Source: www.habr.com