IBM Novell 10 SP1 EAL4 User Manual


Summary of Contents

Page 1 - Version 1.2.1

SUSE Linux Enterprise Server 10 SP1 EAL4 High-Level Design Version 1.2.1

Page 2

5.13.3.2 groupmod...232 5.13.3.

Page 3 - Table of Contents

5.5.2.1.2 Paging
The paging unit translates linear addresses into physical addresses. It checks the requested access type against the access rights

Page 4

In extended paging, the 32 bits of a linear address are divided into two fields:
• Directory: The most significant 10 bits represent the directory.
• Offset: T

Page 5

User-Supervisor flag: This flag contains the privilege level that is required for accessing the page or page table. The User-Supervisor flag is eith

Page 6

For more information about call gates, refer to the http://www.csee.umbc.edu/~plusquel/310/slides/micro_arch4.html Web site.
5.5.2.1.2.3 Translation

Page 7

The PS flag in the page directory entry (PDE.PS) selects between 4 KB and 2 MB page sizes.
5.5.2.2 System p
Linux on POWER5 System p systems runs only

Page 8

Figure 5-34: Logical partitions
On System p systems without logical partitions, the processor has two operating modes, user and supervisor. The user an

Page 9

• 0: The processor is not in hypervisor state.
• 1: If MSR[PR] = 0, the processor is in hypervisor state; otherwise, the processor is not in hypervisor state

Page 10

Just as certain memory areas are protected from access in user mode, some memory areas, such as hardware page tables, are accessible only in hyperviso

Page 11

hardware address of the memory. This translation is done by the hypervisor, which keeps a logical partition unaware of the existence of other logical

Page 12

5.5.2.2.4 Virtual mode addressing
Operating systems use another type of addressing, virtual addressing, to give user applications an effective addre

Page 13 - 1 Introduction

6.1 Identification and authentication...251 6.1.

Page 14 - 2 System Overview

5.5.2.2.7 Run-Time Abstraction Services
System p hardware platforms provide a set of firmware Run-Time Abstraction Services (RTAS) calls. In LPAR,

Page 15 - 2.1.2 eServer systems

For further information about the PowerPC 64-bit processor, see PowerPC 64-bit Kernel Internals by David Engebretson, Mike Corrigan & Peter Bergner at

Page 16

• To access a particular memory location, the CPU transforms an effective address into a physical address using one of the following address translati

Page 17

• DR: Data Address Translation. The value 0 disables translation, and the value 1 enables translation.
5.5.2.3.2 Page descriptor
Pages are desc

Page 18 - 2.2.3 TOE services

• Vs: Supervisor mode valid bit. Used with MSR[PR] to restrict translation for some block addresses.
• Vp: User mode valid bit. Used with MSR[PR] to

Page 19 - 2.2.4 Security policy

Real Mode Address Translation: Real Mode Address Translation is not technically the translation of any addresses. Real Mode Address Translation signi

Page 20 - 2.2.6 TSF interfaces

Page address translation begins with a check to see if the effective segment ID, corresponding to the effective address, exists in the Segment Lookasi

Page 21

Figure 5-48: Page Address Translation and access control

Page 22

5.5.2.4 System z
SLES on System z systems can run either in native mode or in LPAR. Additionally, it can run as z/VM guests, which is specific to t

Page 23

Absolute address: An absolute address is the address assigned to a main memory location. An absolute address is used for a memory access without any

Page 24 - 3 Hardware architecture

6.8 Security enforcing interfaces between subsystems...255 6.8.1 Summary of

Page 25 - 3.2 System p

5.5.2.4.7.1 Dynamic address translation
Bit 5 of the current PSW indicates whether a virtual address is to be translated using paging tables. If it

Page 26 - 3.3 System z

Figure 5-51: Address translation modes
Each address-space translation mode translates virtual addresses corresponding to that address space. For examp

Page 27 - 3.4 eServer 326

5.5.2.4.7.2 Prefixing
Prefixing provides the ability to assign a range of real addresses to a different block in absolute memory for each CPU, thus p

Page 28

For a detailed description of prefixing as well as implementation details, see z/Architecture Principles of Operation at http://publibz.boulder.ibm.co

Page 29

5.5.2.4.8.2 Page table protection
The page table protection mechanism is applied to virtual addresses during their translation to real addresses. The

Page 30 - 4 Software architecture

Figure 5-54: 31-bit Dynamic Address Translation with page table protection

Page 31

Figure 5-55: 64-bit Dynamic Address Translation with page table protection

Page 32 - 4.1.2 Software privilege

5.5.2.4.8.3 Key-controlled protection
When an access attempt is made to an absolute address, which refers to a memory location, key-controlled protec

Page 33

5.5.2.5 eServer 326
eServer 326 systems use AMD Opteron processors. The Opteron processors can either operate in legacy mode to support 32-bit opera

Page 34

The segment selector specifies an entry in either the global or local descriptor table. The specified descriptor-table entry describes the segment loc

Page 35 - 4.2.1 Kernel TSF software

1 Introduction
This document describes the High Level Design (HLD) for the SUSE® Linux® Enterprise Server 10 Service Pack 1 operating system. For e

Page 36 - 4.2.1.1 Logical components

• Requestor Privilege Level (RPL): RPL represents the privilege level of the program that created the segment selector. The RPL is stored in the segme

Page 37 - 4.2.1.2.2 Kernel threads

calls. If the code segment is non-conforming (with conforming bit C set to zero in the segment descriptor), then the processor first checks to ensure

Page 38

The eServer 326 supports a four-level page table. The uppermost level is kept private to the architecture-specific code of SLES. The page-table setu

Page 39

When the page size is 2 MB, bits 0 to 20 represent the byte offset into the physical page. That is, page table offset and byte offset of the 4 KB pag

Page 40 - 4.3 TSF databases

Each entry of the page map level-4 table, the page-directory pointer table, the page-directory table, and the page table is represented by the same da

Page 41 - 4.4.3 Kernel subsystems

• Read/Write flag: This flag contains access rights of the physical pages mapped by the table entry. The R/W flag is either read/write or read. If s
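The two hardware checks that the segmentation passages (RPL and CPL against a descriptor's DPL) and the page-table passages (the Present, Read/Write and User/Supervisor flags of every table entry) describe, modelled in Python as an added example. This is not code from the HLD or from the kernel; the bit positions follow the Intel and AMD manuals, while the function names and the sample page walk are constructed for illustration. The CR0.WP behaviour (supervisor writes to read-only pages fault) is included because it is the edge case that distinguishes kernel from user writes.

```python
"""Added example (not from the SLES HLD): x86 segment privilege check and
page-table flag check. Names and the sample walk are constructed."""
PTE_P, PTE_RW, PTE_US = 1 << 0, 1 << 1, 1 << 2   # present, writable, user-accessible

READ, WRITE = "read", "write"


def data_segment_load_allowed(cpl: int, rpl: int, dpl: int) -> bool:
    """Loading a data-segment selector: the effective privilege level is the
    numerically larger (less privileged) of CPL and the selector's RPL, and it
    must not exceed the DPL stored in the descriptor. 0 is most privileged."""
    return max(cpl, rpl) <= dpl


def entry_allows(entry: int, user: bool, access: str, cr0_wp: bool = True) -> bool:
    """One table entry; PML4E, PDPTE, PDE and PTE share this flag layout.
    user: the access is made at CPL 3.
    cr0_wp: models CR0.WP, which makes supervisor writes to read-only pages
    fault as well (without it only user writes are refused)."""
    if not entry & PTE_P:
        return False                      # not present: page fault
    if user and not entry & PTE_US:
        return False                      # supervisor-only page, user access
    if access == WRITE and not entry & PTE_RW and (user or cr0_wp):
        return False                      # read-only page
    return True


def walk_allowed(entries, user: bool, access: str, cr0_wp: bool = True) -> bool:
    """Every level of the walk must permit the access; the first level that
    refuses it raises the page fault."""
    return all(entry_allows(e, user, access, cr0_wp) for e in entries)


# Constructed four-level walk: upper levels user-writable, leaf page user
# readable but read-only (a typical mapping of a shared library's text).
SAMPLE_WALK = [PTE_P | PTE_RW | PTE_US] * 3 + [PTE_P | PTE_US]

if __name__ == "__main__":
    for user, access in ((True, READ), (True, WRITE), (False, WRITE)):
        print(f"user={user} {access}: {walk_allowed(SAMPLE_WALK, user, access)}")
    print("ring 3 loading a DPL-0 data segment:", data_segment_load_allowed(3, 3, 0))
```

A user-mode write to the sample walk fails at the leaf page, a kernel write fails only while CR0.WP is set, and a ring-3 selector with RPL 3 cannot reach a DPL-0 data segment no matter which ring created it.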

Page 42

5.5.3.1 Support for NUMA servers
NUMA is an architecture wherein the memory access time for different regions of memory from a given processor varies

Page 43

systems, this operation is unacceptably slow. With Rmap VM, additional memory management structures have been created that enable a physical address t

Page 44 - 5 Functional descriptions

Huge TLB File system (hugetlbfs) is a pseudo file system, implemented in fs/hugetlbfs/inode.c. The basic idea behind the implementation is that large

Page 45 - 5.1.1 Virtual File System

5.5.3.4 Remap_file_pages
remap_file_pages() is another memory management feature that is suitable for large memory and database applications. It is pr

Page 46

2 System Overview
The Target of Evaluation (TOE) is SUSE Linux Enterprise Server (SLES) running on an IBM eServer host computer. The SLES product is

Page 47

5.5.3.6 Memory area management
Memory areas are sequences of memory cells having contiguous physical addresses with an arbitrary length. The SLES ker

Page 48

address returned by arch_get_unmapped_area() to contain a linear address that is part of another process’s address space. In addition to this process

Page 49 - 5.1.1.2 open()

5.5.5 Symmetric multiprocessing and synchronization
The SLES kernel allows multiple processes to execute in the kernel simultaneously (the kernel is

Page 50 - 5.1.1.5 Shared subtrees

5.5.5.3 Spin locks
Spin locks provide an additional synchronization primitive for kernel code running on SMP systems. A spin lock is just a simple

Page 51 - 5.1.2.1 Ext3 file system

Figure 5-69: Audit framework components
5.6.1.1 Audit kernel components
Linux Audit of the SLES kernel includes three kernel-side components relating

Page 52 - 5.1.2.1.2 Data structures

The kernel checks the effective capabilities of the sender process. If the sender does not possess the right capability, the netlink message is disca

Page 53

5.6.1.1.5 Audit context fields
• Login ID: The login ID is the user ID of the logged-in user. It remains unchanged through the setuid() or seteuid() sy

Page 54

• serial: A unique number that helps identify a particular audit record. Along with ctime, it can determine which pieces belong to the same audit rec

Page 55

When a filesystem object the audit subsystem is watching changes, the inotify subsystem calls the audit_handle_event() function. audit_handle_event()

Page 56 - 5.1.3 Pseudo file systems

5.6.2 Audit operation and configuration options
5.6.2.1 Configuration
There are many ways to control the operation of the audit subsystem. The contr

Page 57 - 5.1.3.5 rootfs

The TOE system provides a user Identification and Authentication (I&A) mechanism by requiring each user to log in with a proper password at the local

Page 58 - 5.1.4 inotify

Option       Description                                      Possible values
log_file     Name of the log file
log_format   How to flush the data from auditd to the log.    RAW. Only RAW is supported in thi

Page 59 - 5.1.5.1 Permission bits

Option   Description                                                                                                       Possible values
-b       Sets the maximum number of outstanding buffers allowed. If all buffers are exhausted, the failure flag is checked.   Default

Page 60 - 5.1.5.2.2 ACL qualifier

7. If audit is enabled, the kernel intercepts the system calls and generates audit records according to the filter rules. Or, the kernel generates a

Page 61 - 5.1.5.2.5 ACL_MASK

5.6.3.1.2 Syscall audit record generation
Once attached, every security-relevant system call performed by the process is evaluated in the kernel. Th

Page 62 - 5.1.5.2.8 ACL enforcement

generates the audit record, and sends the record to the netlink socket. Both audit_syscall_entry() and audit_syscall_exit() call audit_filter_syscall() t

Page 63 - 5.1.7 I/O scheduler

5.6.3.1.4 Socket call and IPC audit record generation
Some system calls pass an argument to the kernel specifying which function the system call is

Page 64

timestamp of the record and the serial number are used by the user-space daemon to determine which pieces belong to the same audit record. The tuple
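The reassembly rule described above (a serial number plus the record timestamp identifies the pieces of one event, and the login ID survives setuid() changes within the session) carried out over sample log lines, as an added example. This is not auditd's own code; the log lines are constructed to look like kernel audit records and the detection rule at the end (failed opens of /etc/shadow, reported by auid) is the example's own.

```python
"""Added example (not part of the SLES HLD or the audit package): reassemble
multi-line audit events by the (timestamp, serial) tuple and report by login ID.
The sample lines below are constructed, not captured from a real system."""
import re

# Every record starts "type=<TYPE> msg=audit(<seconds>.<millis>:<serial>): <fields>"
_HDR = re.compile(r'^type=(?P<type>\w+) msg=audit\((?P<ts>\d+\.\d+):(?P<serial>\d+)\): ?(?P<body>.*)$')
_KV = re.compile(r'(\w+)=("[^"]*"|\S+)')

SAMPLE_LOG = """\
type=SYSCALL msg=audit(1176000000.123:42): arch=c000003e syscall=2 success=yes exit=3 items=1 ppid=1 pid=2211 auid=1001 uid=0 euid=0 comm="passwd" exe="/usr/bin/passwd"
type=CWD msg=audit(1176000000.123:42): cwd="/home/john"
type=PATH msg=audit(1176000000.123:42): item=0 name="/etc/shadow" inode=1234 mode=0100600 ouid=0 ogid=0
type=SYSCALL msg=audit(1176000000.123:43): arch=c000003e syscall=2 success=no exit=-13 items=1 pid=2212 auid=1002 uid=1002 euid=1002 comm="cat" exe="/bin/cat"
type=PATH msg=audit(1176000000.123:43): item=0 name="/etc/shadow" inode=1234 mode=0100600 ouid=0 ogid=0
type=USER_LOGIN msg=audit(1176000001.000:44): pid=2100 uid=0 auid=1002 msg='op=login id=1002 res=success'
"""


def parse_line(line):
    """Return (type, (timestamp, serial), {field: value}) or None for junk."""
    m = _HDR.match(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in _KV.findall(m.group("body"))}
    return m.group("type"), (m.group("ts"), int(m.group("serial"))), fields


def reassemble(text):
    """Group records by (timestamp, serial); pieces sharing the tuple are one
    event, even when records of several events are interleaved in the log."""
    events = {}
    for line in text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        rtype, key, fields = parsed
        events.setdefault(key, []).append((rtype, fields))
    return events


def failed_shadow_access(events):
    """Detection over reassembled events: a failed SYSCALL piece joined to a
    PATH piece naming /etc/shadow. Reports auid, the login ID, because uid and
    euid in the same record may already reflect a setuid program."""
    hits = []
    for (_ts, serial), pieces in events.items():
        types = dict(pieces)
        sc, path = types.get("SYSCALL"), types.get("PATH")
        if sc and path and sc.get("success") == "no" and path.get("name") == "/etc/shadow":
            hits.append((serial, sc["auid"], sc["comm"]))
    return hits


if __name__ == "__main__":
    evs = reassemble(SAMPLE_LOG)
    for key, pieces in evs.items():
        print(key, [t for t, _ in pieces])
    print("failed /etc/shadow opens:", failed_shadow_access(evs))
```

The passwd event (serial 42) is a successful privileged open and is not reported; the cat event (serial 43) is reported against login ID 1002 even though a real attacker's setuid shim would change uid and euid.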

Page 65 - 5.1.8 I/O interrupts

Event: Startup and shutdown of audit functions
LAF audit events: DAEMON_START, DAEMON_END are generated by auditd
Event: Modification of audit config

Page 66 - 5.1.10 Machine check

Event: Execution of the test of the underlying machine and the result of the test
LAF audit events: Audit message from amtu utility: audit rec

Page 67 - 5.2.1 Data structures

Lower-layer functions, such as scheduling and interrupt management, cannot be modularized. Kernel modules can be used to add or replace system calls.

Page 68

The Common Criteria for Information Technology Security Evaluation [CC] and the Common Methodology for Information Technology Security Evaluation [CEM

Page 69 - 5.2.2.2 DAC controls

STRUCTURE       OBJECT
task_struct     Task (Process)
linux_binprm    Program
super_block     File system
inode           Pipe, File, or Socket
file            Open File
sk_buff         Network Buffer (Packet)
n

Page 70 - 5.2.4 Kernel threads

LSM adds a general security system call that simply invokes the sys_security hook. This system call and hook permit security modules to implement ne

Page 71 - 5.2.5 Scheduling

● Administrative utilities provide a mechanism for administrators to configure, query, and control AppArmor.
For background information on AppArmor whi

Page 72 - 5.2.6 Kernel preemption

● px - discrete profile execute
● Px - discrete profile execute after scrubbing the environment
● ix - inherit execute
● m - allow PROT_EXEC with mmap(2)
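The execute modes listed above in the context of a whole profile, as an added example profile that is not part of the HLD or of the evaluated configuration. The program path /usr/local/bin/report-mailer and the files it is allowed to touch are hypothetical; the point is which mode to pick for each child program.

```apparmor
# Added example profile (not from the HLD); /usr/local/bin/report-mailer is hypothetical.
#include <tunables/global>

/usr/local/bin/report-mailer {
  #include <abstractions/base>

  # Files this program may touch; read-only unless stated.
  /etc/report-mailer.conf       r,
  /var/lib/report-mailer/**     rw,

  # Execute modes from the list above.
  /usr/sbin/sendmail            Px,   # confined by sendmail's own profile, environment scrubbed
  /usr/bin/gzip                 px,   # confined by gzip's own profile, environment kept
  /bin/sh                       ix,   # inherits this profile, so a shell escape gains nothing
  /lib/**.so*                   mr,   # shared libraries may be mapped PROT_EXEC

  # Anything not listed is denied and logged.
}
```

Px is the safer choice for a setuid helper such as sendmail because environment variables (LD_PRELOAD, for instance) do not cross the transition; ix keeps a spawned shell inside the caller's confinement instead of handing it an unconfined context.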

Page 73

5.9 Device drivers
A device driver is a software layer that makes a hardware device respond to a well-defined programming interface. The kernel inte

Page 74 - 5.3.1 Pipes

guest program or interpreted machine. The interpreted and host machines execute guest and host programs, respectively.The interpretive-execution faci

Page 75 - 5.3.2.1 FIFO creation

• Conditional interceptions refer to functions that are executed for the guest unless a specified condition is encountered that causes control to be r

Page 76 - 5.3.3 System V IPC

This extra level of indirection is needed for character devices, but not for block devices, because of the large variety of character devices and the

Page 77

5.10 System initialization
When a computer with SLES is turned on, the operating system is loaded into memory by a special program called a boot loa

Page 78

the system runlevel by controlling PID 1. For more information on the /etc/inittab file, please see the inittab(5) man page. For more information on

Page 79

The SLES kernel includes the base kernel and separately-loadable kernel modules and device drivers. (Note that a device driver can also be a kernel m

Page 80 - 5.3.5 Sockets

5.10.2.1 Boot methods
SLES supports booting from a hard disk, a CD-ROM, or a floppy disk. CD-ROM and floppy disk boots are used for installation, an

Page 81 - 5.4 Network subsystem

14. The boot loader sets the IDT with null interrupt handlers. It puts the system parameters obtained from the BIOS and the parameters passed to the

Page 82

Figure 5-79: System x SLES boot sequence

Page 83

5.10.3 System p
This section briefly describes the system initialization process for System p servers.
5.10.3.1 Boot methods
SLES supports booting fr

Page 84 - 5.4.2.2 UDP

1. Yaboot allows an administrator to perform interactive debugging of the startup process by executing the /etc/sysconfig/init script.
2. Mounts the /p

Page 85 - 5.4.3.2.2 IPv6 Header

5.10.4 System p in LPAR
SLES runs in a logical partition on a System p system. The hypervisor program creates logical partitions, which interacts w

Page 86 - 5.4.3.4 IP Security (IPsec)

5.10.4.1 Boot process
For an individual computer, the boot process consists of the following steps when the CPU is powered on or reset:
1. The hypervi

Page 87

• Starts the agetty program.
For more details about services started at run level 3, see the scripts in /etc/rc.d/rc3.d on a SLES system. Figure 5-81 sc

Page 88

5.10.5 System z
This section briefly describes the system initialization process for System z servers.
5.10.5.1 Boot methods
Linux on System z suppo

Page 89 - 5.4.3.4.1.7 Socket API

4. Executes /etc/rc.d/rc.local, which an administrator sets up to perform site-specific setup functions.
5. Performs run-level specific initializati

Page 90

2.2.2 eServer system structure
The system is an eServer computer, which permits one user at a time to log in to the computer console. Several virtual

Page 91

5.10.6 eServer 326
This section briefly describes the system initialization process for eServer 326 servers. For detailed information on system initi

Page 92 - 5.4.5.2 bind()

5.10.6.2 Boot loader
After the system completes the hardware diagnostics setup in the firmware, the first program that runs is the boot loader. The

Page 93 - 5.4.5.5 connect()

17. x86_64_start_kernel() completes the kernel initialization by initializing page tables, memory-handling data structures, IDT tables, the slab allocator

Page 94 - 5.5 Memory management

5.11 Identification and authentication
Identification is when a user presents an identity to a system in the form of a login ID. Identification esta

Page 95

provides a way to develop programs that are independent of the authentication scheme. These programs need authentication modules to be attached to th

Page 96

6. Each authentication module performs its action and relays the result back to the application.
7. The PAM library is modified to create a USER_AUTH t

Page 97 - 5.5.2 Memory addressing

• pam_passwdqc.so: Performs additional password strength checks. For example, it rejects passwords such as “1qaz2wsx” that follow a pattern on the k

Page 98

5.11.2 Protected databases
The following databases are consulted by the identification and authentication subsystem during user session initiation:
•

Page 99 - 5.5.2.1.1 Segmentation

• /etc/ftpusers: The ftpusers text file contains a list of users who cannot log in using the File Transfer Protocol (FTP) server daemon. The file is

Page 100 - 5.5.2.1.2 Paging

6. Execs the login program.
The steps that are relevant to the identification and authentication subsystem are step 5, which prompts for the user’s logi

Page 101 - Figure 5-30: Regular paging

Network services, such as ssh or ftp, involve client-server architecture and a network service-layer protocol. The client-server model splits the sof

Page 102

17. Sets effective, real, and saved user ID.
18. Changes directory to the user’s home directory.
19. Executes shell.
5.11.3.4 mingetty
mingetty, the min

Page 103

16. Sets up signals.
17. Forks a child.
18. Parent waits on child's return; child continues:
19. Adds the new GID to the group list.
20. Sets the GI

Page 104 - 5.5.2.2 System p

4. Processes command-line arguments.
5. Sets up the environment variable array.
6. Invokes pam_start() to initialize the PAM library, and to identify th

Page 105

Cryptography can be used to neutralize some of these attacks and to ensure confidentiality and integrity of network traffic. Cryptography can also be

Page 106

5.12.1.1 Concepts
SSL is used to authenticate endpoints and to secure the contents of the application-level communication. An SSL-secured connection

Page 107

Data confidentiality can be maintained by keeping the algorithm, the key, or both, secret from unauthorized people. In most cases, including OpenSSL,

Page 108 - 5.5.2.2.2 Hypervisor

If encryption is done with a public key, only the corresponding private key can be used for decryption. This allows a user to communicate confidentia

Page 109

5.12.1.1.2 Message digest
A message digest is a fixed-length string of bits computed from a message of arbitrary length by a one-way hash function. One-way hash funct

Page 110 - Figure 5-38: DMA addressing

The SSL architecture differentiates between an SSL session and an SSL connection. A connection is a transient transport device between peers. A sess

Page 111 - Figure 5-40: Virtual address

1. Client hello message: The CipherSuite list, passed from the client to the server in the client hello message, contains the combinations of cryptog

Page 112 - Figure 5-41: Block address

Version   Author   Date      Comments
1.0       EJR      3/15/07   First draft based on RHEL5 HLD
1.1       EJR      4/19/07   Updates based on comments from Stephan Mueller and Klaus Wei

Page 113 - Figure 5-43: Page table entry

Objects are passive repositories of data. The TOE defines three types of objects: named objects, storage objects, and public objects. Named objects ar

Page 114

For the list of cipher suites supported, see FCS_COP.1(2) in the Security Target.
5. SSL Change cipher spec protocol: The SSL change cipher spec proto

Page 115

• Blowfish: Blowfish is a block cipher that operates on 64-bit blocks of data. It supports variable key sizes, but generally uses 128-bit keys.
• Dat

Page 116

MD2, MD4, and MD5 are cryptographic message-digest algorithms that take a message of arbitrary length and generate a 128-bit message digest. In MD5,

Page 117

mac = MAC(key, sequence_number || unencrypted_packet)
where unencrypted_packet is the entire packet without MAC (the length fields, payload and paddin
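The formula above carried out in Python as an added example, using HMAC-SHA1 from the standard library for the MAC function, with the binary packet built the way RFC 4253 lays it out (packet_length, padding_length, payload, random padding). This is not OpenSSH code; the key and payload are constructed for the example. It also shows why the sequence number is in the MAC input: the same packet presented at a different sequence number fails verification, which is what defeats replay.

```python
"""Added example (not from the HLD or OpenSSH): the SSH transport-layer MAC,
mac = MAC(key, sequence_number || unencrypted_packet), with HMAC-SHA1.
EXAMPLE_KEY is a constructed key, not a negotiated one."""
import hashlib
import hmac
import os
import struct

EXAMPLE_KEY = hashlib.sha1(b"constructed example integrity key").digest()


def build_packet(payload: bytes, block_size: int = 16) -> bytes:
    """Binary packet without the MAC: uint32 packet_length, byte padding_length,
    payload, random padding. Padding is at least 4 bytes and brings the total
    (length fields included) to a multiple of the cipher block size."""
    padding = block_size - (5 + len(payload)) % block_size
    if padding < 4:
        padding += block_size
    packet_length = 1 + len(payload) + padding
    return struct.pack(">IB", packet_length, padding) + payload + os.urandom(padding)


def compute_mac(key: bytes, sequence_number: int, unencrypted_packet: bytes) -> bytes:
    """sequence_number is a uint32 that wraps; it is prepended big-endian and is
    never transmitted, both sides count packets independently."""
    seq = struct.pack(">I", sequence_number & 0xFFFFFFFF)
    return hmac.new(key, seq + unencrypted_packet, hashlib.sha1).digest()


def verify_mac(key: bytes, sequence_number: int, unencrypted_packet: bytes,
               received_mac: bytes) -> bool:
    """Constant-time comparison so a forger learns nothing from timing."""
    expected = compute_mac(key, sequence_number, unencrypted_packet)
    return hmac.compare_digest(expected, received_mac)


if __name__ == "__main__":
    pkt = build_packet(b"SSH_MSG_CHANNEL_DATA example payload")
    tag = compute_mac(EXAMPLE_KEY, 7, pkt)
    print("packet bytes:", len(pkt), "mac bytes:", len(tag))
    print("verify at seq 7:", verify_mac(EXAMPLE_KEY, 7, pkt, tag))
    print("replayed at seq 8:", verify_mac(EXAMPLE_KEY, 8, pkt, tag))
```

Note that the MAC is computed over the plaintext packet and appended after encryption (encrypt-and-MAC), so a receiver in this design must decrypt before it can verify; that ordering is part of why the text stresses that the sequence number is never sent on the wire.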

Page 118 - 5.5.2.4.4 Address types

5.12.3 Very Secure File Transfer Protocol daemon
Very Secure File Transfer Protocol daemon (VSFTPD) provides a secure, fast, and stable file transfer

Page 119 - 5.5.2.4.6 Address spaces

For background on CUPS labeled printing, please see: http://free.linux.hp.com/~mra/docs/ . CUPS uses the Internet Printing Protocol (IPP) that was

Page 120

24. Check for input or output requests with select().
25. If select() fails, logs error messages, notifies clients, and exits the main loop for shutdow

Page 121

cryptography standards that they require. The openssl command can be used by an administrative user for the following:
• Creation of RSA, DH, and DSA

Page 122 - 5.5.2.4.7.2 Prefixing

# Service-level configuration
# ---------------------------
[ssmtp]
accept = 465
connect = 25

The above configuration secures localhost-SMTP when someone c

Page 123

14. Invokes pam_chauthtok() to rejuvenate the user’s authentication tokens.
15. Exits.
5.13.1.2 chfn
The chfn program allows users to change their finger in

Page 124

The local TSF interfaces provided by an individual host computer include:• Files that are part of the TSF database that define the configuration param

Page 125

11. Invokes setpwnam() to update appropriate database files with the new shell.
12. Exits.
5.13.2 User management
5.13.2.1 useradd
The useradd program

Page 126

6. Processes command-line arguments.
7. Ensures that the user account being modified exists.
8. Invokes open_files() to lock and open authentication dat

Page 127

5.13.3 Group management
5.13.3.1 groupadd
The groupadd program allows an administrator to create new groups on the system. Refer to the groupadd ma

Page 128 - 5.5.2.5.1 Logical address

5.13.3.2 groupmod
The groupmod program allows an administrator to modify existing groups on the system. Refer to the groupmod man page for more info

Page 130

5.13.4 System Time management
5.13.4.1 date
The date program, for a normal user, displays the current date and time. For an administrative user, date c

Page 131 - 5.5.2.5.6 Paging

This tool works from a premise that it is working on an abstract machine that is providing functionality to the TSF. The test tool runs on all hardwa

Page 132

5.13.5.1.5.1 System p
The instruction set for the PowerPC processor is given in the book at the following URL: http://www.ibm.com/chips/techlib/techl

Page 133

To test CPU control registers, use MOVL %cs, 28(%esp). This overwrites the value of the register that contains the code segment. The register that c

Page 134

2. Gets its euid and uid.
3. Transforms old-style command line argument syntax into new-style syntax.
4. Processes the command line arguments.
5. Sets up

Page 135

The SLES operating system is distributed as a collection of packages. A package can include programs, configuration data, and documentation for the p

Page 136 - Figure 5-64: NUMA Design

5.13.6 I&A support
5.13.6.1 pam_tally
The pam_tally utility allows administrative users to reset the failed login counter kept in the /var/log/f

Page 137 - Figure 5-65: Rmap VM

The crontab program is used to install, deinstall, or list the tables used to drive the cron daemon in Vixie Cron. The crontab program allows an admi

Page 138 - Figure 5-66: TLB Operation

commands that are to be executed. Information stored in this job file, along with its attributes, is used by the atd daemon to recreate the invocation

Page 139 - 5.5.3.4 Remap_file_pages

5.15 User-level audit subsystem
The main user-level audit components consist of the auditd daemon, the auditctl control program, the libaudit library

Page 140 - 5.5.4 Process address space

2. Processes the command line arguments.
3. Attempts to raise its resource limits.
4. Sets its umask.
5. Resets its internal counters.
6. Emits a title.
7.

Page 141

5.16 Supporting functions
Trusted programs and trusted processes in an SLES system use libraries. Libraries do not form a subsystem in the notation

Page 142 - 5.5.5.2 Memory barriers

Library               Description
/lib/libc.so.6        C run time library functions.
/lib/libcrypt.so.1    Library that performs one-way encryption of user and group passwords.

Page 143 - 5.6.1 Audit components

5.16.2 Library linking mechanism
On SLES, a binary executable automatically causes the program loader /lib/ld-linux.so.2 to be loaded and run. This

Page 144

system initialization, and sets the IDT entry corresponding to vector 128 (0x80) to invoke the system call exception handler. When compiling and link

Page 145 - 5.6.1.1.4 Task structure

passed as system-call parameters. For the sake of efficiency, and satisfying the access control requirement, the SLES kernel performs validation in a

Page 147

6 Mapping the TOE summary specification to the High-Level Design
This chapter provides a mapping of the security functions of the TOE summary specifi

Page 148

6.2.3 Audit record format (AU.3)
Section 5.6.3.2 describes information stored in each audit record.
6.2.4 Audit post-processing (AU.4)
Section 5.15.

Page 149 - 5.6.2.1 Configuration

6.5.1 Roles (SM.1)
Section 5.13 provides details on various commands that support the notion of an administrator and a normal user.
6.5.2 Access con

Page 150

6.7.4 Trusted processes (TP.4)
Section 4.2.2 provides details on the non-kernel trusted processes on the SLES system.
6.7.5 TSF Databases (TP.5)
Sectio

Page 151 - 5.6.2.2 Operation

• Kernel Modules
• Device Drivers
• Trusted process subsystems:
• System Initialization
• Identification and Authentication
• Network Applications
• System

Page 152 - 5.6.3 Audit records

6.8.1.1.2 Internal Interfaces
6.8.1.1.3
Internal function    Interfaces defined in
permission           This document, Section 5.1.1.1
vfs_permission       This document,

Page 153

read_inode       write_super
read_inode2      write_super_lockfs
dirty_inode      unlockfs
write_inode      statfs
put_inode        remount_fs
delete_inode     clear_inode
Dentry operation

Page 154

System calls are listed in the Functional Specification mapping table.
6.8.1.2.2 Internal Interfaces
Internal function    Interfaces defined in
current              Un

Page 155 - 5.6.3.2 Audit record format

6.8.1.3.1 External interfaces (system calls)
• TSFI system calls
• Non-TSFI system calls
System calls are listed in the Functional Specification mappin

Page 156

6.8.1.4 Kernel subsystem networking
This section lists external interfaces, internal interfaces and data structures of the networking subsystem.
6.8.

Page 157

3 Hardware architecture
The TOE includes the IBM System x, System p, System z, and eServer 326. This section describes the hardware architecture of

Page 158 - 5.7 Kernel modules

System calls are listed in the Functional Specification mapping table.
6.8.1.5.2 Internal interfaces
Internal interfaces    Interfaces defined in
get_zeroe

Page 159

• audit_sockaddr
• audit_ipc_perms
6.8.1.6.3 Data structures
• audit_sock: The netlink socket through which all user space communication is done.
• au

Page 160 - STRUCTURE OBJECT

driver methods for character device drivers and block device drivers, see [RUBN]. Chapter 3 describes the methods for character devices and chapter 6

Page 161 - 5.8 AppArmor

6.8.1.7.3 Data structures
device_struct              fs/devices.c
file_operations            include/linux/fs.h
block_device_operations    include/linux/fs.h
6.8.1.8 Kernel subsy

Page 162 - ● ux - unconstrained execute

7 References
[CC] Common Criteria for Information Technology Security Evaluation, CCIMB-99-031, Version 2.1, August 1999
[CEM] Common Methodology for

Page 163 - 5.8.3 securityfs

[RSA] "A Method for Obtaining Digital Signatures and Public-Key Cryptosystems," Communications of the ACM, v. 21, n. 2, Feb 1978, pp. 120-1

Page 164 - 5.9 Device drivers

The following are trademarks or registered trademarks of the International Business Machines Corporation in the United States and/or other countries.

Page 165 - 5.9.1.2 State description

In this mode, applications may access:
• 64-bit flat linear addressing
• 8 new general-purpose registers (GPRs)
• 8 new registers for streaming Single In

Page 166

USB (except keyboard and mouse), PCMCIA, and IEEE 1394 (Firewire) devices are not supported in the evaluated configuration.
3.3 System z
The IBM Syste

Page 167 - 5.9.3 Block device driver

For more details about z/Architecture, refer to the z/Architecture document z/Architecture Principles of Operation at http://publibz.boulder.ibm.com/e

Page 168 - 5.10.1 init

processor extensions are activated, allowing the processor to operate in one of two sub-modes of LMA. These are the 64-bit mode and the compatibility

Page 170 - 5.10.2.3 Boot process

Table of Contents 1 Introduction...

Page 171

4 Software architecture
This chapter summarizes the software structure and design of the SLES system and provides references to detailed design docum

Page 172

System x: The System x servers are powered by Intel processors. Intel processors provide four execution modes, identified with processor privilege l

Page 173 - 5.10.3 System p

• When the processor is in kernel mode, the program has hardware privilege because it can execute certain privileged instructions that are not availab

Page 174

4.1.2.1 DAC
The DAC model allows the owner of the object to decide who can access that object, and in what manner. Like any other access control mod

Page 175 - 5.10.4 System p in LPAR

4.1.2.3 Programs with software privilege
Examples of programs running with software privilege are:
• Programs that are run by the system, such as the

Page 176 - 5.10.4.1 Boot process

The concept of breaking the TOE product into logical subsystems is described in the Common Criteria. These logical subsystems are the building blocks

Page 177 - SLES system

4.2.1.1 Logical components
The kernel consists of logical subsystems that provide different functionalities. Even though the kernel is a single exec

Page 178 - 5.10.5 System z

• Audit subsystem: This subsystem implements functions related to recording of security-critical events on the system. Implemented functions include

Page 179

4.2.1.2.3 Kernel modules and device drivers
Kernel modules are pieces of code that can be loaded and unloaded into and out of the kernel upon demand.

Page 180 - 5.10.6 eServer 326

• The crontab program is the program used to install, deinstall, or list the tables used to drive the cron daemon. Users can have their own crontab f

Page 182

• The chfn command allows users to change their finger information. The finger command displays that information, which is stored in the /etc/passwd

Page 183

This section briefly describes the functional subsystems that implement the required security functionalities and the logical subsystems that are part

Page 184 - 5.11.1.1 Overview

• gpasswd
• chage
• useradd, usermod, userdel
• groupadd, groupmod, groupdel
• chsh
• chfn
• openssl
4.4.5 User-level audit subsystem
This subsystem contai

Page 186

5 Functional descriptions
The kernel structure, its trusted software, and its Target of Evaluation (TOE) Security Functions (TSF) databases provide t

Page 187 - 5.11.2 Protected databases

In order to shield user programs from the underlying details of different types of disk devices and disk-based file systems, the SLES kernel provides

Page 188 - 5.11.3.1 agetty

The root directory is contained in the root file system, which is ext3 in this TOE. All other file systems can be mounted on subdirectories of the ro

Page 189 - 5.11.3.3 login

inode: Stores general information about a specific file, such as file type and access rights, file owner, group owner, length in bytes, operations vec

Page 190 - 5.11.3.5 newgrp

Figure 5-5: VFS pathname translation and access control checks

Page 191 - 5.11.3.7 su

5.1.1.2 open()
The following describes the call sequence of an open() call to create a file:
1. Call the open() system call with a relative pathname a

Page 192 - 5.12 Network applications

5.1.5 Discretionary Access Control (DAC)...55 5.1.5.1 Permiss

Page 193

5.1.1.3 write()
Another example of a file system operation is a write() system call to write to a file that was opened for writing. The write() syste

Page 194 - Figure 5-85: Encryption

• Unbindable Mount: This mount does not forward or receive propagation. This mount type can not be bind-mounted, and it is not valid to move it unde

Page 195

5.1.2.1.1.1 Access Control Lists
ACLs provide a way of extending directory and file access restrictions beyond the traditional owner, group, and worl

Page 196 - Figure 5-88: Asymmetric keys

• ext3_group_desc: Disk blocks are partitioned into groups. Each group has its own group descriptor. ext3_group_desc stores information such as the

Page 197 - 5.12.1.2 SSL architecture

Figure 5-8: New data blocks are allocated and initialized for an ext3 field

Page 198 - Figure 5-90: SSL Protocol

Figure 5-9 shows how, for a file on the ext3 file system, inode_operations map to ext3_file_inode_operations. Similarly, for directory, symlink, and spe

Page 199

from the s_root field of the superblock, and then invokes isofs_find_entry() to retrieve the object from the CD-ROM. On a CD-ROM file syst

Page 200 - 5.12.1.4 Symmetric ciphers

Since VM is volatile in nature, tmpfs data is not preserved between reboots. Hence this file system is used to store short-lived temporary files. An

Page 201 - 5.12.1.4.3 Hash functions

5.1.3.6 binfmt_misc
binfmt_misc provides the ability to register additional binary formats to the kernel without compiling an additional module or ke

Page 202 - 5.12.2 Secure Shell

chown() system call. The owner and the root user are allowed to define and change access rights for an object. The following subsection looks at the

Page 203 - 5.12.2.2 SSH server daemon

5.3.3.2 Common functions...76
5.3.3.3 Mes

Page 204 - 5.12.4 CUPS

• If the process is neither the owner nor a member of an appropriate group, and the permission bits for world allow the type of access requested, then

Page 205 - 5.12.4.1 cupsd

5.1.5.2.3 ACL permissions
An ACL entry can define separate permissions for read, write, and execute or search.

5.1.5.2.4 Relationship to file perm

Page 206 - 5.12.4.4 openssl

5.1.5.2.8 ACL enforcement
The ext3_permission() function uses ACLs to enforce DAC. The algorithm goes through the following steps:
1. Performs check

Page 207 - 5.12.4.5 stunnel

file by adding ACLs with the setfacl command. For example, the following command allows a user named john read access to this file, even if john does

Page 208 - 5.13.1 Account Management

application, the I/O scheduler is considered an important kernel component in the I/O path. SLES includes four I/O scheduler options to optimize syst

Page 209 - 5.13.1.3 chsh

requests. This capability makes it behave similarly to the Anticipatory I/O scheduler. I/O priorities are also considered for the processes, which

Page 210 - 5.13.2 User management

5.1.8.4 Tasklets
Tasklets are dynamically linked and built on top of softirq mechanisms. Tasklets differ from softirqs in that a tasklet is always s

Page 211 - 5.13.2.3 userdel

5.2 Process control and management
A process is an instance of a program in execution. Process management consists of creating, manipulating, and te

Page 212 - 5.13.3 Group management

The SLES kernel maintains information about each process in a task_struct process type of descriptor. Each process descriptor contains information suc

Page 213 - 5.13.3.3 groupdel

Figure 5-12: The task structure

The kernel maintains a circular doubly-linked list of all existing process descriptors. The head of the list is the ini

Page 214

5.5.3 Kernel memory management...142
5.5.3.1 Suppor

Page 215 - 5.13.5.1 AMTU

5.2.2.2.4 setresuid() and setresgid()
These set the real user and group ID, the effective user and group ID, and the saved set-user and group ID of th

Page 216 - 5.13.5.1.1 Memory

5.2.5 Scheduling
Scheduling is one of the features that is highly improved in the SLES 2.6 kernel over the 2.4 kernel. It uses a new scheduler algo

Page 217 - 5.13.5.1.5.3 System x

For more information about hyperthreading, refer to http://www.intel.com/technology/hyperthread/.

5.2.6 Kernel preemption
The kernel preemption featu

Page 218 - 5.13.5.2 star

The following code snippet demonstrates the per-CPU data structure problem, in an SMP system:

int arr[NR_CPUS];
arr[smp_processor_id()] = i;
/* kernel p

Page 219

5.3.1 Pipes
Pipes allow the transfer of data in a FIFO manner. The pipe() system call creates unnamed pipes. Unnamed pipes are only accessible to th

Page 220 - 5.14 Batch processing

pipe_inode_info: Contains generic state information about the pipe with fields such as base (which points to the kernel buffer), len (which represent

Page 221 - 5.14.1.2 at

The inode allocation routine of the disk-based file system does the allocation and initialization of the inode object; thus, object reuse is handled b

Page 222 - 5.14.2.2 atd

• ipc_id: The ipc_id data structure describes the security credentials of an IPC resource with the p field, which is a pointer to the credential stru

Page 223 - 5.15.2 Audit utilities

5.3.3.3.3 msgget()
This function is invoked to create a new message queue, or to get a descriptor of an existing queue based on a key. The newly cre

Page 224 - 5.15.4 Audit logs

5.3.3.4.4 semctl()
A function that is invoked to set attributes, query status, or delete a semaphore. A semaphore is not deleted until the process w

Page 226 - Library Description

5.3.4 Signals
Signals offer a means of delivering asynchronous events to processes. Processes can send signals to each other with the kill() system

Page 227 - 5.16.3.1 System x

specifying the target address of the server. For an Internet domain socket, the address of the server is its IP address and its port number. Sockets a

Page 228 - 5.16.3.4 eServer 326

• The protocol-independent interface module provides an interface that is independent of hardware devices and network protocol. This is the interface

Page 229

The transport layer consists of the TCP, UDP and similar protocols. The application layer consists of all the various application clients and servers,

Page 230

5.4.2 Transport layer protocols
The transport layer protocols supported by the SLES kernel are TCP and UDP.

5.4.2.1 TCP
TCP is a connection-oriented,

Page 231

The following section introduces Internet Protocol Version 6 (IPv6). For additional information about referenced socket options and advanced IPv6 app

Page 232

5.4.3.2.3 Flow Labels
The IPv6 header has a field in which to enter a flow label. This provides the ability to identify packets for a connection

Page 233 - 6.7.5 TSF Databases (TP.5)

The phrase data integrity implies that the data received is as it was when sent. It has not been tampered with, altered, or impaired in any way. Data aut

Page 234

In tunnel mode, the entire IP datagram is encapsulated and thereby protected.

An IP Packet with tunnel mode AH

5.4.3.4.1.2 Encapsulating

Page 235 - 6.8.1.1.3

An IP Packet with tunnel mode ESP

5.4.3.4.1.3 Security Associations
RFC2401 defines a Security Association (SA) as a simplex or one-way connection tha

Page 237 - 6.8.1.2.3 Data Structures

5.4.3.4.1.8 Cryptographic subsystem
IPSec uses the cryptographic subsystem described in this section. The cryptographic subsystem performs several cr

Page 238 - 6.8.1.3.3 Data Structures

5.4.4.1.1 Address Resolution Protocol (ARP)
Address Resolution Protocol (ARP) is a protocol for mapping an IP address to a physical machine address t

Page 239 - • Non-TSFI system calls

The following subsections describe access control and object reuse handling associated with establishing a communications channel.

5.4.5.1 socket()
so

Page 240 - 6.8.1.5.3 Data Structures

Similarly, for UNIX domain sockets, bind() invokes unix_bind(). unix_bind() creates an entry in the regular ext3 file system space. This process of

Page 241 - 6.8.1.6.3 Data structures

5.4.5.6 Generic calls
read(), write() and close(): read(), write() and close() are generic I/O system calls that operate on a file descriptor. Depe

Page 242 - 6.8.1.7.2.2 Block Devices

• A system call interface provides restricted access to user processes. This interface allows user processes to allocate and free stora

Page 243 - 6.8.1.8.3 Data structures

5.5.1 Four-Level Page Tables
Before the current implementation of four-level page tables, the kernel implemented a three-level page table structure f

Page 244 - 7 References

The creation and insertion of a new level, the PUD level, immediately below the top-level PGD directory aims to maintain portability and transparency

Page 245

The larger kernel virtual address space allows the system to manage more physical memory. Up to 64 GB of main memory is supported by SLES on x86-compa

Page 246

5.5.2.1.1 Segmentation
The segmentation unit translates a logical address into a linear address. A logical address consists of two parts: a 16-bit se
