As Published In
Oracle Magazine
July/August 2009

DEVELOPER: Open Source

Open Source Contributions

By Rich Schwerin

Oracle investments in Linux yield substantial returns.

Beyond working on and delivering thousands of products, Oracle participates in a variety of open source projects. Each Oracle contribution to an open source project is an investment in technology, and as with all investments, it’s important to look at the return. I checked on some recent returns of Oracle’s contributions to Linux and found some good investments.

A key feature of the Linux kernel is Oracle Cluster File System, a free, open source, clustered file system that Oracle developed and contributed to Linux kernel 2.6.16. Today, Oracle continues to develop and contribute enhancements to the file system by adding features such as extended attributes and shared writable memory mapping.

Extended Attributes

Extended attributes are what make finer-grained access control and greater file security possible. “An extended attribute is something you can associate with a file or directory in a file system; you give it a name, and you give it some data and store it,” says Joel Becker, principal software developer at Oracle, who works on Oracle Cluster File System 2. “With support for extended attributes, Linux users can now take advantage of simple, powerful file system permission policy models such as POSIX ACL [Access Control List] and SELinux [Security-Enhanced Linux].”

POSIX ACL is a list of permissions attached to an object that specifies who or what is allowed to access the object and what operations are allowed to be performed on the object. SELinux provides a variety of security policies, including mandatory access controls, in the Linux kernel.


“SELinux tags files and directories by using extended attributes, adding extra security information to each file, so Oracle Cluster File System 2 will take advantage of SELinux,” says Becker. “Without extended attributes, a file system is basically lumped together as one big security class, usually a pretty restrictive one. With extended attributes, SELinux can now mark every single file and directory individually, allowing the full flavor of SELinux to work on top of that file system.”

For security-minded customers, SELinux works not just with users but also with privileged processes. “With SELinux, you can restrict processes, enabling secure operation of certain privileged processes,” Becker says. For example, HR files can be restricted for access only by people in HR, or engineering plans can be restricted for access only by people in engineering.
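As an added illustration (not code from Oracle or the Oracle Cluster File System 2 project): on Linux, POSIX ACLs and SELinux labels are stored in the extended attributes `system.posix_acl_access` and `security.selinux`, and this Python example decodes both, so you can see the "name plus data" Becker describes. The sample values are constructed, and `hr_records_t` is a hypothetical SELinux type name.

```python
import os
import struct

# Tag values from the Linux POSIX ACL xattr format (version 2).
ACL_TAGS = {0x01: "user_obj", 0x02: "user", 0x04: "group_obj",
            0x08: "group", 0x10: "mask", 0x20: "other"}
ACL_VERSION = 2
UNDEFINED_ID = 0xFFFFFFFF  # id field of entries that name no uid/gid

def decode_posix_acl(blob):
    """Decode a system.posix_acl_access value into (tag, id, 'rwx') tuples."""
    if len(blob) < 4 or (len(blob) - 4) % 8:
        raise ValueError("truncated ACL xattr")
    (version,) = struct.unpack_from("<I", blob, 0)
    if version != ACL_VERSION:
        raise ValueError(f"unsupported ACL xattr version {version}")
    entries = []
    for off in range(4, len(blob), 8):
        tag, perm, ident = struct.unpack_from("<HHI", blob, off)
        if tag not in ACL_TAGS:
            raise ValueError(f"unknown ACL tag {tag:#x}")
        rwx = "".join(c if perm & bit else "-"
                      for c, bit in (("r", 4), ("w", 2), ("x", 1)))
        entries.append((ACL_TAGS[tag],
                        None if ident == UNDEFINED_ID else ident, rwx))
    return entries

def decode_selinux(blob):
    """Split a security.selinux value into user, role, type and level."""
    fields = blob.rstrip(b"\0").decode().split(":", 3)
    if len(fields) < 3:
        raise ValueError("malformed SELinux context")
    return dict(zip(("user", "role", "type", "level"), fields))

def security_xattrs(path):
    """Return the raw ACL and SELinux xattrs present on path (Linux only)."""
    out = {}
    for name in ("system.posix_acl_access", "security.selinux"):
        try:
            out[name] = os.getxattr(path, name)
        except OSError:
            pass  # attribute absent, or file system has no xattr support
    return out

# Constructed sample values, not taken from a real system.
SAMPLE_ACL = struct.pack("<I", 2) + b"".join(struct.pack("<HHI", *e) for e in (
    (0x01, 6, UNDEFINED_ID), (0x02, 4, 1001), (0x04, 4, UNDEFINED_ID),
    (0x10, 4, UNDEFINED_ID), (0x20, 0, UNDEFINED_ID)))
SAMPLE_LABEL = b"system_u:object_r:hr_records_t:s0\0"
```

On a file system without extended attribute support, `security_xattrs()` returns an empty dictionary, which matches the "one big security class" situation described above.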

Shared, Writable mmap

Oracle Cluster File System 2 includes support for shared, writable memory mapping (mmap). “Memory mapping creates a region of memory in your program that is actually the file, so if someone changes the file, you see the change in this area of memory. With writable memory mapping, if you change this area of memory with normal memory operations, the file itself will be changed,” says Becker. “By modifying these regions of memory, the programs are modifying the files on disk, so they can communicate, see each other’s work, and coordinate, and when they exit, the latest changes are stored in the file on disk.”

With shared writable mmap in Oracle Cluster File System 2, you extend this capability to two processes on different machines. “This means that any program that already uses the mmap facility on a single machine can run multiple copies of itself on multiple machines, for greater efficiency, scalability, and reliability,” says Becker.

Another benefit: applications don’t have to be aware that they’re running on multiple machines; they just know that they’re doing their jobs. “Programs don’t need to be rewritten to run in a clustered environment. With the shared, writable mmap of Oracle Cluster File System 2, programs can be running on multiple machines without issues,” Becker says.

Oracle’s technology contributions through Oracle Cluster File System 2 are currently available and are of benefit to anyone using Linux. “Both of these Oracle Cluster File System 2 features are in the mainline Linux kernel,” adds Becker. “Extended attributes have been in the mainline kernel since version 2.6.28, and shared, writable mmap has been there since version 2.6.23.”

 


Rich Schwerin (rich.schwerin@oracle.com) is the Linux, virtualization, and open source senior product marketing manager in Oracle Technology Marketing.
