A userspace Process Classifier based on SELinux Security_context(PCSS)

  |    home     |      Scope    |     Important Links     |     Contact      |

ELSA is the a userspace solution for managing groups of processes. Therefore, most of the enhanced accounting will be done in user space.

Work is splited into the following parts in ELSA:
1. Connector [ A Linux kernel feature ]
    Connector reports process events to userspace. It uses the netlink mechanism to communicate between kernelspace and userspace.
2. A user space daemon [ jobd ]
    The user space daemon listens to the netlink messages sent by the process events connector. Like this, it will be alerted when fork happens. With this     information, it will be able to manage a group of processes.
3. Per-process accounting informations [ BSD or taskstats ]
     This is not a part of ELSA but it is used by it. Per-process accounting information is provided by an extra mechanism like BSD accounting or CSA     accounting.
4. User space applications [ webmin + jobmng + elsa ]
    4.a The job manager.
     'jobmng' is the interface to manage groups of processes.
    4.b The elsa script.
     It allows the visualization of accounting data.
     4.c A webmin module to visualize data.


In current situation, ELSA provides tools like "jobmng", "elsa" which has to be used by sys-admins for manually classifying the processes into JOB groups. As these classifications are based on PID's of processes and are not stored permanantly, everytime system or jobd restarts, all classifications has to be done again. This process can't be automated by scripting because PID's of new processes wont be same.

Solution : Integration of PCSS and ELSA

  General overview

         KERNEL SPACE           |             USER SPACE
                                |       ---------------------            ********************
          Process Events     NETLINK   |    Userspace Daemon |<------- *  Configuration file  *
           connector      <----------->|     jobs manager    |<------- *                      *
                                |       ---------------------            ********************
                                |        |   ^		|                          
                                |        |   |		|                      
              ********          |        |   |		|                  
            * SElinux *  <--------------     |        	|                      
              ********          |            |		|     **********
		 |              |            |          ---->* Job file  *
                 |              |            |    	      **********
                  ---------------------------           	|                       
                                |                       	|
			        |                       	|
			        |        ************   	|     ----------
         Accounting Data -------------->* Accounting *   	---->| Process  |
         (BSD and/or CSA)       |       *    File    *-------------->| grouped  |
                                |        ************          	      ----------

The idea behind using automatic classifier is to reduce the burdan of sys_admin from reconfiguring the ELSA process membership, everytime system or jobd or any process restarts.
With this solution, system administrator needs to configure "elsa_classification_rules.conf" file once, and then all processes will automatically classified with reference to given policies. It wont require re-configuration even after system of jobd daemon restarts. Whenever any new process is created, it will be automatically classified.

Thanks to SourceForge.Net for hosting the project
For comments about the project, please send email to us