5-6 February 2018
CERN
Europe/Zurich timezone

User authentication in eosxd: A tale of /proc/pid/environ and kernel deadlocks

6 Feb 2018, 09:30
15m
31/3-004 - IT Amphitheatre (CERN)

31/3-004 - IT Amphitheatre

CERN

15
Show room on map

Speaker

Georgios Bitzes (CERN)

Description

Supporting multiple parallel users in eosxd requires some mechanism of distinguishing their identities, and assigning a different set of credentials to each.

In this presentation, we detail our efforts in implementing the eosxd authentication subsystem based on process environment variables.

However, reading the environment variables of a process (/proc/pid/environ) from within a FUSE daemon comes with a major caveat: The possibility of triggering a deadlock in the Linux kernel. We will outline the root cause of this issue, and describe various mitigations and workarounds for preventing it, thus making environment-based authentication in a FUSE daemon feasible.

Primary authors

Presentation Materials