Lazy man's, user-mode union file system
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
.gitignore
AUTHORS
COPYING
Makefile
README
luufs.8
luufs.c
test.sh

README

 _              __
| |_   _ _   _ / _|___
| | | | | | | | |_/ __|
| | |_| | |_| |  _\__ \
|_|\__,_|\__,_|_| |___/

Overview
========

luufs is a lazy man's, user-mode union file system.

It takes two directories and creates a magical directory which shows their
unified contents.

luufs is a "compile once, run anywhere" alternative for Aufs
(http://aufs.sourceforge.net/) and Unionfs (http://unionfs.filesystems.org/),
implemented in user-mode via FUSE (http://fuse.sourceforge.net/).

However, luufs is very simple, so it does not fit in all use cases of more
complex union file systems. It operates according to three rules:
  1) The first directory is read-only and the second one is writeable. New files
     are created under the writeable directory, but read from both directories.
  2) If a file exists under both directories, the one under the read-only
     directory is preferred. This improves security, as files (e.g /bin/login)
     cannot be overwritten using external access to the writeable directory.
  3) Non-root processes cannot open new file descriptors via luufs (e.g open
     files), but can use existing file descriptors.

Therefore, luufs can be used to secure servers: they can be trapped under a
luufs mount point (using chroot), with a writeable directory mounted with the
MS_NOEXEC and MS_NODEV flags.

In addition, luufs has a read-only mirroring mode, in which a directory is
mirrored and changes are disallowed. It is similar to a bind mount, but may be
read-only even if the specified directory is writable.

Legal Information
=================

luufs is licensed under the MIT license, see COPYING for the license
text. For a list of its authors and contributors, see AUTHORS.

The ASCII art logo at the top was made using FIGlet (http://www.figlet.org/).