Keyboard shortcuts

Press or to navigate between chapters

Press S or / to search in the book

Press ? to show this help

Press Esc to hide this help

Architecture Overview

RootAsRole has a combinaison of several designs for profiting of several advantages : Performance, organisational means and technical enforcement precision.

Binaries

  • dosr: policy lookup, authentication flow, and command execution uner a restricted context.
  • chsr: policy editing and conversion interface.
  • capable: policy discovery, available in its own repository.
  • gensr: fully automated policy generation, available in its own repository

Internal crates

  • rar-common: shared policy model, storage handling, migrations, utility logic.
  • rar-exec: execution pipeline primitives (runner, terminal/pty, pipe, signals).
Did you know that there are two approaches for secure execution?
  • The openBSD one is about calling execve() directly for minimal code implementation. Less features, more robust is the software.
  • The sudo one is about adding a intermediary process in order to oversee the communication between user and privileged process.
The version 4.0 of RootAsRole is switching from the first to second design! We believe that the risk taken by implementation error is worth the security feature to protect against innapropriate user inputs.

High-level execution flow for dosr

  1. Parse CLI filters and command input.
  2. Load policy and identify matching tasks.
  3. Resolve effective options/credentials.
  4. Authenticate (PAM) when required.
  5. Apply pre-exec orchestration and spawn target command.

High-level execution flow for chsr

  1. Parse grammar-based command input.
  2. Apply mutations to in-memory settings.
  3. Validate and persist storage.
  4. Optionally convert JSON/CBOR storage format.

High-level execution flow for capable

straceKernel (eBPF)capable (Userspace)sr runnerUserstraceKernel (eBPF)capable (Userspace)sr runnerUsercargo run –config …Execute binary with privilegesLoad BPF programs & attach kprobesFork/Exec target program with stracePipe syscall traces (stderr)Push capability events via BPF MapsOutput ProgramResult (JSON)

High-level execution flow for gensr

Deployment Logic

Generation Logic

CLI Space (main.rs)

Generate

exec sidecar

raw output

Deploy

to_stask()

persist

load_configuration()

Cli::parse()

Commands Enum

capable::Capable

Capability Tracing

policy::Policy

deploy::setup_role_based_access

DBusPolicyBuilder

PolkitPolicyWorker

User Management

rootasrole-core::SConfig

/etc/security/rootasrole.json