The file system changes in Catalina -New OS X Hacking! (242) | Mynavi News Mynavi News Mynavi
WWDC has a "discovery" even in functions that are not introduced in the keynote speech.Of course, although the eyes are different between developers and consumer users, if the specifications of the "file system" are changed, the story is a serious project related to all Mac users.This time, let's explain the changes in the file system in the next MacOS "Catalina".
A big change in file system
The directory structure of MacOS has been continuing since the era of the predecessor, NEXTSTEP/OPENSTEP, and although the role given to the directory has changed slightly, "only users (super users) with administrator privileges are rewritten.The principle of being allowed was consistent.
However, at the time of El Capitan, the "System Integrity Protection (SIP)" was introduced, and rewriting of specific areas, such as/USR, became impossible for super users in principle.This is to improve security.However, there were plenty of exceptional directory (ex. /Usr /local) in the SIP, and there was room for reducing security, such as the ability to disable the SIP itself.
In Catalina, file access is further stricter.The root volume (boot disk) formatted in APFS (Apple File System) is divided into two into the system area and the data area, and the system area is completely read -only.This is the future MacOS file system because it is forced to process when updating to Catalina.If you disable the SIP, it is possible to unlock the lead -only, but after restarting, it will automatically return to lead only.
In the lead -only system area, only the directory "/USR/bin", which has a unusual UNIX command, is placed.Rewriting files, such as the app (/Applications) and the user's work area (/users), are placed in the data area and can be distributed appropriately.
How the new file system is reflected in apps and users, but is the same as before.For example, the system folder is "/system/library", and the home directory of the user SHINOBU is "/users/shinobu".In both cases, the entity is in the data area, but there is a mechanism that allows the system area to be well separated.
The key is "Firmlinks", which is introduced to APFS in Catalina.It seems to have a function similar to a symbolic link, and if you access the system area, it will be automatically replaced with the data area where the body is.In addition, only the directory is the target, and it will not be accessible to the desired file unless you specify the direct remains that exist.
The slide used in the WWDC session describes its features as "Bi-Directional Wormhole in Path Traversal", specifying an unexpected path and trying to unauthorized access to a file that is not permission.It is certain that there is an aim to be prepared for.
Duplication / restoration of encryption volume
Note that Apple Software Restore has been expanded so that the duplication and restoration of the encrypted volume are more secure and more secure.
First of all, I would like to understand that APFS has a function/concept called "Space Sharing".Conventional file systems such as HFS Plus were fixed to one physical disk, and the work of increasing or decreasing the size was complicated and risky, but the APFS introduced the concept of "container" and physically different.You can manage the volume beyond the boundaries of driving and partitions.The lead -only file system (division between the data area and the system area) described above is the use of Space Sharing.
In Catalina, the duplication of the APFS volume is enhanced.Even before the APFS was adopted in the default file system, MacOS has a "ASR" command for volume duplication, but when the duplication of the encrypted APFS volume is executed, it is rednated.You can create a new container while performing (unlocking the code) and defraging it.The point is not just a decrypt.
The APFS has a function of encryption/decryption in the file system itself.In the system (HFS Plus) before High Sierra, the encryption and decryptence used the Corestorage function, so there was a concern that the data that was not encrypted would be exposed at that time, but through Corestorage.There is no need to worry about APFS, which is not needed.You can see that FileVault's use has increased.