Protected RAM Filesystem (PramFS)
This topic was published by DevynCJohnson and viewed 2027 times.
Protected RAM Filesystem (PramFS) enhances the security of system data by making the RAM pages that hold the filesystem read-only. PramFS typically remains consistent if kernel data pointers are corrupted or if the kernel starts executing in the wrong location. PramFS is mainly intended to protect against kernel bugs and rogue programs.
PramFS is officially hosted at http://pramfs.sourceforge.net/
PramFS supports extended attributes, ACLs, security labels, execute-in-place (XIP), and freezing. PramFS has two superblocks (the second being redundant) that are each 128 bytes long. The inode table contains multiple 128-byte inodes. There is also a set of data blocks and a "Block In-Use Bitmap" that keeps track of block usage.
To mount PramFS, use a command like:

    mount -t pramfs -o physaddr=0x20000000,init=1M,bs=1k none /mnt/pram

PramFS supports the mount options listed below.
- acl - Enable access control lists
- bpi - Bytes per inode ratio
- bs - Block-size
- errors - Behavior if mounting errors occur (cont, remount-ro, or panic)
- init - Initialize a PramFS of the specified size
- N - Number of inodes to allocate in the inode table
- noacl - Disable access control lists
- noprotect - Disable memory protection
- nouser_xattr - Disable user extended attributes
- physaddr - Physical memory address to begin PramFS
- user_xattr - Enable user extended attributes
- xip - Enable execute-in-place (XIP)
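The options above can be linted before a PramFS entry goes into a boot configuration. The script below is an added example, not part of PramFS or the original article: it reads fstab-format lines and reports `noprotect`, `errors=` values outside the three documented ones, `errors=cont`, and contradictory option pairs. The sample entries are constructed, and treating `errors=cont` as a finding is this example's own policy assumption.

```shell
#!/bin/sh
# Added example: lint fstab-format lines for PramFS mount options.
# Which options count as findings is an assumption of this example.

# audit_pramfs: read fstab-format lines on stdin and print one
# "<mountpoint>: <finding>" line per problem found.
audit_pramfs() {
    awk '
    /^[ \t]*#/ || NF < 4 || $3 != "pramfs" { next }   # only PramFS entries
    {
        split("", seen)                     # portable way to clear the array
        n = split($4, opts, ",")
        for (i = 1; i <= n; i++) {          # index options as key -> value
            eq = index(opts[i], "=")
            if (eq) seen[substr(opts[i], 1, eq - 1)] = substr(opts[i], eq + 1)
            else    seen[opts[i]] = ""
        }
        if ("noprotect" in seen)
            print $2 ": noprotect set, RAM pages are not write-protected"
        if (("errors" in seen) && seen["errors"] !~ /^(cont|remount-ro|panic)$/)
            print $2 ": errors=" seen["errors"] " is not cont, remount-ro or panic"
        else if (("errors" in seen) && seen["errors"] == "cont")
            print $2 ": errors=cont continues after an error instead of remount-ro or panic"
        if (("acl" in seen) && ("noacl" in seen))
            print $2 ": both acl and noacl given"
        if (("user_xattr" in seen) && ("nouser_xattr" in seen))
            print $2 ": both user_xattr and nouser_xattr given"
    }'
}

# sample_fstab: constructed entries for the demonstration (not from a real host).
sample_fstab() {
    cat <<'EOF'
# constructed sample entries
none  /mnt/pram    pramfs physaddr=0x20000000,bs=1k,errors=remount-ro 0 0
none  /mnt/scratch pramfs physaddr=0x30000000,noprotect,errors=cont   0 0
none  /mnt/mixed   pramfs physaddr=0x40000000,acl,noacl,errors=halt   0 0
tmpfs /tmp         tmpfs  noprotect                                    0 0
EOF
}

sample_fstab | audit_pramfs
```

To check a real configuration, run `audit_pramfs < /etc/fstab` after sourcing the function.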
Inode Structure

    struct pram_inode {
        __be16 i_sum;          /* checksum of this inode */
        __be32 i_uid;          /* Owner Uid */
        __be32 i_gid;          /* Group Id */
        __be16 i_mode;         /* File mode */
        __be16 i_links_count;  /* Links count */
        __be32 i_blocks;       /* Blocks count */
        __be32 i_size;         /* Size of data in bytes */
        __be32 i_atime;        /* Access time */
        __be32 i_ctime;        /* Creation time */
        __be32 i_mtime;        /* Modification time */
        __be32 i_dtime;        /* Deletion Time */
        __be64 i_xattr;        /* Extended attribute */
        __be32 i_generation;   /* File version (for NFS) */
        __be32 i_flags;        /* Inode flags */
        union {
            struct {
                /*
                 * ptr to row block of 2D block pointer array,
                 * file block #'s 0 to (blocksize/8)^2 - 1.
                 */
                __be64 row_block;
            } reg;             /* regular file or symlink inode */
            struct {
                __be64 head;   /* first entry in this directory */
                __be64 tail;   /* last entry in this directory */
            } dir;
            struct {
                __be32 rdev;   /* major/minor # */
            } dev;             /* device inode */
        } i_type;
        struct pram_dentry i_d;
    };

SuperBlock Structure

    struct pram_super_block {
        __be16 s_sum;                /* checksum of this sb, including padding */
        __be64 s_size;               /* total size of fs in bytes */
        __be32 s_blocksize;          /* blocksize in bytes */
        __be32 s_inodes_count;       /* total inodes count (used or free) */
        __be32 s_free_inodes_count;  /* free inodes count */
        __be32 s_free_inode_hint;    /* start hint for locating free inodes */
        __be32 s_blocks_count;       /* total data blocks count (used or free) */
        __be32 s_free_blocks_count;  /* free data blocks count */
        __be32 s_free_blocknr_hint;  /* start hint for locating free data blocks */
        __be64 s_bitmap_start;       /* data block in-use bitmap location */
        __be32 s_bitmap_blocks;      /* size of bitmap in number of blocks */
        __be32 s_mtime;              /* Mount time */
        __be32 s_wtime;              /* Write time */
        __be16 s_magic;              /* Magic signature */
        char s_volume_name[16];      /* volume name */
    };

Further Reading
- Filesystem Types - https://dcjtech.info/topic/filesystem-types/
- More Virtual Filesystems for Linux - https://dcjtech.info/topic/more-virtual-filesystems-for-linux/
- FUSE - https://dcjtech.info/topic/fuse/
- Unixoid Mounting Commands - https://dcjtech.info/topic/unixoid-mounting-commands/
- /etc/fstab Options - https://dcjtech.info/topic/etcfstab-options/
- Filesystem Article Index - https://dcjtech.info/topic/filesystems/