This repository has been archived by the owner on Aug 5, 2022. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 9
/
Copy pathREADME
42 lines (28 loc) · 1.48 KB
/
README
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
Buxton
======
Buxton is a security-enabled configuration management system. It features a
layered approach to configuration storage, with each layer containing an
arbitrary number of groups, each of which may contain key-value pairs.
Mandatory Access Control (MAC) is implemented at the group level and at the
key-value level.
Buxton provides a C library (libbuxton) for client applications to use. As an
alternative, it also provides a simpler C library (libbuxtonsimple) for client
applications that reduces the amount of code needed to use buxton. This simpler
library is currently used for synchronous management while libbuxton can be used for both
asynchronous and synchronous management. Internally,buxton uses a daemon (buxtond)
for processing client requests and enforcing MAC. Also, a CLI (buxtonctl) is
provided for interactive use and for use in shell scripts.
Build dependencies
==================
- attr, to provide a required header file, xattr.h
- check, to build the unit tests
- gdbm, for key-value pair storage
- Linux kernel headers, for the inotify header
- systemd, for autodetection of service file locations, for socket activation
of buxtond, and the initialization of the Smack virtual filesystem
Additional runtime dependencies
===============================
- Smack-enabled kernel, for MAC support
* CONFIG_SECURITY_SMACK=y
Note: if running a kernel without Smack enabled, buxton can still be used for
configuration management, but MAC will not be enforced.