Search code examples
javafilesystemsfuse

A virtual filesystem environment for software executed through a Java process

I'm working on a project for the execution of programs on a remote system. The project is written in Java on the server and client.

The code executed on the server is run through a java.lang.Process, and can be a command to run any sort of language (such as python).

What I would like to do is intercept ALL filesystem calls by the process (in a similar way to FUSE, but instead of on a single mounted FUSE directly on all calls for that process) and handle them from inside my Java server.

Is there any known method out there for my use case?

If not, if you have any pointers as to where to start to go about this that would be great.

The server is probably Ubuntu based, but I have no issue switching Linux distro if it helps the project

Thanks for any help :)

I've had a poke around FUSE, but as far as I can tell I cant lock an entire process inside some sort of FUSE system, it's instead mounted to specific locations?

If you'd like to get a bit more familiar with how processes are currently spawned, this is the code that does it

ProcessBuilder processBuilder = new ProcessBuilder();
if (SystemUtils.IS_OS_WINDOWS){
    processBuilder.command(System.getenv("SystemRoot") + "\\System32\\cmd.exe", " /c ", command);
}
else{
    processBuilder.command("/bin/bash ", command);
}
try{
    Process process = processBuilder.start();
    ProcessStreamer processStreamer = new ProcessStreamer(process);
    processStreamer.streamTo(context);
    context.attribute("process", process);
    Session.forContext(context).setCurrentRoute("executorinput", context);
}
catch(IOException e){
    context.send("error " + e.getMessage());
}
Solution

  • If it is possible, chroot your Java process into the fuse mount point.

    Your case is the exact use case for using chroot, to quote your description:

    What I would like to do is intercept ALL filesystem calls by the process (in a similar way to FUSE, but instead of on a single mounted FUSE directly on all calls for that process)

    Edit:

    I now see that with Java programs you might get some glitches due to the fact that the process is looking for shared objects in the file system. You will need to do some copying into your "jail" folder. See here - https://askubuntu.com/questions/236778/using-chroot-with-a-java-application