Architecture Overview
RootAsRole has a combinaison of several designs for profiting of several advantages : Performance, organisational means and technical enforcement precision.
Binaries
dosr: policy lookup, authentication flow, and command execution uner a restricted context.chsr: policy editing and conversion interface.capable: policy discovery, available in its own repository.gensr: fully automated policy generation, available in its own repository
Internal crates
rar-common: shared policy model, storage handling, migrations, utility logic.rar-exec: execution pipeline primitives (runner, terminal/pty, pipe, signals).
Did you know that there are two approaches for secure execution?The version 4.0 of RootAsRole is switching from the first to second design! We believe that the risk taken by implementation error is worth the security feature to protect against innapropriate user inputs.
- The openBSD one is about calling execve() directly for minimal code implementation. Less features, more robust is the software.
- The sudo one is about adding a intermediary process in order to oversee the communication between user and privileged process.
High-level execution flow for dosr
- Parse CLI filters and command input.
- Load policy and identify matching tasks.
- Resolve effective options/credentials.
- Authenticate (PAM) when required.
- Apply pre-exec orchestration and spawn target command.
High-level execution flow for chsr
- Parse grammar-based command input.
- Apply mutations to in-memory settings.
- Validate and persist storage.
- Optionally convert JSON/CBOR storage format.