Date: Tue, 7 Jan 2003 01:36:13 +0100
From: Pawel Jakub Dawidek
To: Terry Lambert
Cc: freebsd-hackers@freebsd.org
Subject: Re: Caching [sugestion].
X-OS: FreeBSD 4.7-STABLE i386

On Mon, Jan 06, 2003 at 03:53:38PM -0800, Terry Lambert wrote:
+> If this were my job to do, I would either take the approach of
+> changing how hard links and vmobject_t references are implemented,
+> or I would disallow hard links, and add a "parent inode" field in
+> one of the spare fields in each inode.
+>
+> If you did either one of these, then you could always ask the open
+> file for the vnode, and add a VOP that took the vnode, got the inode,
+> and then traversed to the root, looking in the parent for the inode
+> of the object itself.

Yes, but I need this functionality from a kld module, and there are no
tools for that in the kernel atm.

+> > So I'm not able to create policy rules based on filenames.
+>
+> That's precisely correct: you are unable to create policy rules
+> based on file names, because file names are references to files,
+> and are not themselves file instances. This is not FAT32, where
+> there is a 1:1 identity relationship between a directory entry and
+> an inode. And that's the origin of your problem.

Yes, I know that (the suggestion of getting file names (not directory names
only) from the vnode was a mistake).
That's why I think that there should be some caching mechanism that
should remember the file name of every opened file, the name of the
executable and the working directory.

Example rules:
We want to permit those operations:
- opening file /etc/master.passwd for read only,
- opening files that match /tmp/temp.* for write,
- changing mode of files /tmp/temp.* to '0666', BUT via fchmod(2).

How to do that correctly? There is no chance to do this in a simple, clean way.

I've returned to my old, ugly way - caching filenames on open(2) - it's
working fine, but is complicated, because I need to catch calls of
p->p_fd->fd_ofiles[X]->f_ops->fo_close() functions.

-- 
Pawel Jakub Dawidek
UNIX Systems Administrator
http://garage.freebsd.pl
Am I Evil? Yes, I Am.
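
Added example (not part of the original message and not the author's module): a userland C model of the approach described above, caching the name at open(2) so that a later fchmod(2) can be checked against the /tmp/temp.* rule, and dropping the entry on close. The function names, the fixed-size table and the reading of "for write" as O_WRONLY are assumptions.

```c
#include <fcntl.h>
#include <fnmatch.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

#define MAXFD   64
#define PATHLEN 256

/* Hypothetical per-process cache: the name each descriptor was opened with. */
static char fd_name[MAXFD][PATHLEN];

/* FNM_PATHNAME keeps '*' from matching '/', so "/tmp/temp.x/../../etc/passwd"
 * does not satisfy the /tmp/temp.* rule. */
static int is_temp(const char *path) {
    return fnmatch("/tmp/temp.*", path, FNM_PATHNAME) == 0;
}

/* open(2) hook: apply the two open rules; cache the name only when allowed. */
int policy_open(int fd, const char *path, int flags) {
    int acc = flags & O_ACCMODE;
    int ok = (strcmp(path, "/etc/master.passwd") == 0 && acc == O_RDONLY) ||
             (is_temp(path) && acc == O_WRONLY); /* assumption: write == O_WRONLY */
    if (!ok || fd < 0 || fd >= MAXFD || strlen(path) >= PATHLEN)
        return -1;
    strcpy(fd_name[fd], path);
    return 0;
}

/* Close hook: without this, a reused descriptor number would inherit the
 * previous file's name and its permissions under the policy. */
void policy_close(int fd) {
    if (fd >= 0 && fd < MAXFD)
        fd_name[fd][0] = '\0';
}

/* fchmod(2) hook: no path argument, so the decision rests on the cached name. */
int policy_fchmod(int fd, mode_t mode) {
    if (fd < 0 || fd >= MAXFD || fd_name[fd][0] == '\0' || !is_temp(fd_name[fd]))
        return -1;
    return mode == 0666 ? 0 : -1;
}

int main(void) {
    policy_open(5, "/tmp/temp.abc", O_WRONLY);          /* constructed sample */
    printf("fchmod 0666 on fd 5: %d\n", policy_fchmod(5, 0666));
    policy_close(5);
    printf("after close:         %d\n", policy_fchmod(5, 0666));
    return 0;
}
```

The cached string is only the name the caller passed to open(2); as the quoted reply points out, that name is one reference to the file, not the file itself.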