PCSS

A userspace Process Classifier based on SELinux Security_context (PCSS)




We propose a userspace Process Classifier based on SELinux Security_context (PCSS). PCSS uses the SELinux security context to classify processes into different categories, which is useful for process grouping systems like CKRM, Cpuset, ELSA, Containers etc.

There are many systems that need processes to be classified into groups. For example, resource management systems (CKRM and Cpuset), the Linux accounting system (ELSA) and containers each group processes according to their own requirements. A generic process classifier implemented in user space that groups all the processes would therefore make them easier for the sys-admin to manage.

To meet the needs of these different systems we provide a framework that consists mainly of three parts:

1. Notification: Creation of a new process, or alteration of a process, is an event that happens inside the kernel and is protected from userspace. Existing solutions such as the connector (which uses netlink sockets) provide notification of process events.

2. Classification: Classification is required to find the class or group to which a process belongs when the PID of the process is given. The class of a process is decided on the basis of the SELinux security context of the process and the class written in the configuration file for that corresponding security context.

3. Enforcement: The notification and classification parts remain application independent for all systems that require process grouping. The enforcement part is application dependent. This is the only part that needs modification when applying PCSS to different applications.
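
The classification step (part 2 above), as an added example that is not PCSS's own code: it reads a process's SELinux context from /proc/<pid>/attr/current and looks it up in a configuration table. The configuration format ("<context> <class>" per line), the "default" fallback class and the pcss_* function names are assumptions; the page does not specify them.

```c
/* Added example, not PCSS source: classification step only. */
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Constructed sample config in an ASSUMED format: "<context> <class>". */
static const char *SAMPLE_CONF =
    "# security context              class\n"
    "system_u:system_r:httpd_t:s0    web\n"
    "system_u:system_r:mysqld_t:s0   db\n";

/* Read the SELinux context of pid from /proc/<pid>/attr/current; 0 on success. */
int pcss_read_context(int pid, char *out, size_t len)
{
    char path[64];
    snprintf(path, sizeof path, "/proc/%d/attr/current", pid);
    FILE *f = fopen(path, "r");
    if (!f) return -1;               /* process already gone, or no /proc */
    size_t n = fread(out, 1, len - 1, f);
    fclose(f);
    out[n] = '\0';
    out[strcspn(out, "\n")] = '\0';  /* drop trailing newline if present */
    return out[0] ? 0 : -1;
}

/* Exact-match lookup of ctx in conf; unmatched contexts get class "default". */
const char *pcss_classify(const char *conf, const char *ctx, char *cls, size_t len)
{
    char line[256], c[192], k[64];
    while (*conf) {
        size_t n = strcspn(conf, "\n");
        if (n < sizeof line) {       /* over-long lines are skipped, not truncated */
            memcpy(line, conf, n);
            line[n] = '\0';
            if (line[0] != '#' && sscanf(line, "%191s %63s", c, k) == 2 &&
                strcmp(c, ctx) == 0)
                return snprintf(cls, len, "%s", k), cls;
        }
        conf += n + (conf[n] == '\n');
    }
    return snprintf(cls, len, "%s", "default"), cls;
}

int main(void)
{
    char ctx[192], cls[64];
    if (pcss_read_context(getpid(), ctx, sizeof ctx) == 0)
        printf("%s -> %s\n", ctx, pcss_classify(SAMPLE_CONF, ctx, cls, sizeof cls));
    return 0;
}
```

A process can exit between the kernel event and the lookup, so a failed read is reported to the caller instead of being mapped to a class.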

------------------
  General overview
------------------

                 KERNEL SPACE           |             USER SPACE
        ^                               |
        |                               |
        |                               |
        |                               |
    Notification   Process Events  1. NETLINK
        |           connector      ----------------------
        |                               |               |
        v                               |               |
        ==============================================================================================
        ^                               |               |
        |                               |               |
        |                               |               V
        |                               |       ---------------------            **********************
        |                               |      |    Userspace Daemon |---------->* Configuration file *
        |                               |      |     jobs manager    |<----------*                    *
    Classification                      |       ---------------------            **********************
        |                               |        2.|   ^      4.|
        |                               |          |   |        |
        |                               |          |   |        |
        |         *********             |          |   |        |
        |        * SELinux *  <--------------------    |        |
        |         *********             |              |        |
        |          3.|                  |              |        |
        |            |                  |              |        |
        |            ----------------------------------         |
        |                               |                       |
        v                               |                       |
        ==============================================================================================
        ^                               |                       |
        |                               |                       |
        |                       Enforcement of          <--------
        |                     Classified process
    Enforcement
 (Application dependent)              5.|
        |                               |
        |                               |
        |                               |
        |                                ----------------------------------> Notification of
        v                                                                    process classification
                                        

