IBM 10 SP1 EAL4 Manuale Utente
The root directory is contained in the root file system, which is ext3 in this TOE. All other file systems can
be mounted on subdirectories of the root file system.
The VFS allows programs to perform operations on files without having to know the implementation of the
underlying disk-based file system. The VFS layer redirects file operation requests to the appropriate file
system-specific file operation. An example is in Figure 5-4.
be mounted on subdirectories of the root file system.
The VFS allows programs to perform operations on files without having to know the implementation of the
underlying disk-based file system. The VFS layer redirects file operation requests to the appropriate file
system-specific file operation. An example is in Figure 5-4.
Almost all of the system call interfaces available to a user program in the common file model of VFS involve
the use of a file pathname. The file pathname is either an absolute pathname such as /ext3mnt/file1, or
the use of a file pathname. The file pathname is either an absolute pathname such as /ext3mnt/file1, or
a relative pathname such as ext3mnt/file1. The translation of a pathname to file data is relevant to
security, because the kernel performs access checks as part of this translation mechanism.
The following list describes the security-relevant data structures of the VFS.
The following list describes the security-relevant data structures of the VFS.
super_block: Stores information about each mounted file system, such as file system type, block size,
maximum size of files, and dentry object (described below) of the mount point. The actual data structure in
SLES is called struct super_block.
34
Figure 5-3: ext3 and CD-ROM file systems after mounting
Figure 5-4: Virtual file system