问题
I have opened volume USB device and locked using CreateFile() and DeviceIoControl() in Windows.
I want same functionality on Linux/Unix system. I am new to Unix So How to get it?
My code for Windows :
HANDLE handle = CreateFile(L"\\\\.\\F:", // F: drive to open
GENERIC_READ, // no access to the drive
FILE_SHARE_READ, // share mode
NULL, // default security attributes
OPEN_EXISTING, // disposition
0x1, // file attributes
NULL); // do not copy file attributes
DWORD lpBytesReturned;
if (DeviceIoControl(handle, FSCTL_LOCK_VOLUME, NULL, 0, NULL, 0, &lpBytesReturned, (LPOVERLAPPED)NULL)){
printf("\n Lock SUCCESS !\n");
}
else {
printf("\n Lock Failed !\n");
}
Langage : c/c++
platform: Linux/Unix
Thanks in Advance.
回答1:
Consider using Linux namespaces, for instance, Docker containers. That way, you can grant or limit access to system resources such as network cards, storage devices, etc.
For example, you have a web server and database server. You can create two containers: one for the webserver, and the second one for the database. Each of the containers has its own filesystem, or to be precise, own view on the filesystem (namespace). Therefore, a security breach on the webserver cannot directly affect databases because they are not seen from the webserver's filesystem. Moreover, both containers have separate user permissions, so the web admin with root access still cannot mess up the databases.
The same way you can prevent access to a USB storage drive: on the host system, you can make backups from all Docker containers to a USB drive while the containers have no access to the backups as the USB storage doesn't exist for them at all.
来源:https://stackoverflow.com/questions/60146126/createfile-and-deviceiocontrol-equivalent-for-volume-devices-in-unix-linux