From owner-svn-src-all@FreeBSD.ORG Sun Aug 4 15:33:12 2013 Return-Path: Delivered-To: svn-src-all@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTP id A1950163; Sun, 4 Aug 2013 15:33:12 +0000 (UTC) (envelope-from sjg@juniper.net) Received: from ch1outboundpool.messaging.microsoft.com (ch1ehsobe006.messaging.microsoft.com [216.32.181.186]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id 50C4E2CA6; Sun, 4 Aug 2013 15:33:11 +0000 (UTC) Received: from mail115-ch1-R.bigfish.com (10.43.68.231) by CH1EHSOBE016.bigfish.com (10.43.70.66) with Microsoft SMTP Server id 14.1.225.22; Sun, 4 Aug 2013 15:17:58 +0000 Received: from mail115-ch1 (localhost [127.0.0.1]) by mail115-ch1-R.bigfish.com (Postfix) with ESMTP id 0C2F620007A; Sun, 4 Aug 2013 15:17:58 +0000 (UTC) X-Forefront-Antispam-Report: CIP:66.129.224.53; KIP:(null); UIP:(null); IPV:NLI; H:P-EMF01-SAC.jnpr.net; RD:none; EFVD:NLI X-SpamScore: 3 X-BigFish: VPS3(zzzz1f42h208ch1ee6h1de0h1fdah2073h1202h1e76h1d1ah1d2ah1fc6h1082kzzz2fh2a8h668h839hf0ah1288h12a5h12a9h12bdh12e5h137ah139eh13b6h1441h14ddh1504h1537h162dh1631h1758h1898h18e1h1946h19b5h1ad9h1b0ah1b2fh1b88h1fb3h1d0ch1d2eh1d3fh1de2h1dfeh1dffh1e23h1155h) Received-SPF: pass (mail115-ch1: domain of juniper.net designates 66.129.224.53 as permitted sender) client-ip=66.129.224.53; envelope-from=sjg@juniper.net; helo=P-EMF01-SAC.jnpr.net ; SAC.jnpr.net ; Received: from mail115-ch1 (localhost.localdomain [127.0.0.1]) by mail115-ch1 (MessageSwitch) id 1375629476497450_8125; Sun, 4 Aug 2013 15:17:56 +0000 (UTC) Received: from CH1EHSMHS040.bigfish.com (snatpool2.int.messaging.microsoft.com [10.43.68.234]) by mail115-ch1.bigfish.com (Postfix) with ESMTP id 743241E0047; Sun, 4 Aug 2013 15:17:56 +0000 (UTC) Received: from P-EMF01-SAC.jnpr.net (66.129.224.53) by CH1EHSMHS040.bigfish.com (10.43.69.249) with Microsoft SMTP Server (TLS) id 14.16.227.3; Sun, 4 Aug 2013 15:17:56 +0000 Received: from magenta.juniper.net (172.17.27.123) by P-EMF01-SAC.jnpr.net (172.24.192.21) with Microsoft SMTP Server (TLS) id 14.3.146.0; Sun, 4 Aug 2013 08:17:55 -0700 Received: from chaos.jnpr.net (chaos.jnpr.net [172.24.29.229]) by magenta.juniper.net (8.11.3/8.11.3) with ESMTP id r74FHsL85820; Sun, 4 Aug 2013 08:17:54 -0700 (PDT) (envelope-from sjg@juniper.net) Received: from chaos.jnpr.net (localhost [127.0.0.1]) by chaos.jnpr.net (Postfix) with ESMTP id 8189758097; Sun, 4 Aug 2013 08:17:54 -0700 (PDT) To: Jilles Tjoelker Subject: Re: svn commit: r253887 - head/sys/dev/filemon In-Reply-To: <20130804100304.GB35080@stack.nl> References: <201308021444.r72EiBk2059771@svn.freebsd.org> <20130802152204.GA1880@stack.nl> <20130804.121523.488481502477873993.hrs@allbsd.org> <20130804100304.GB35080@stack.nl> Comments: In-reply-to: Jilles Tjoelker message dated "Sun, 04 Aug 2013 12:03:04 +0200." From: "Simon J. Gerraty" X-Mailer: MH-E 7.82+cvs; nmh 1.3; GNU Emacs 22.3.1 Date: Sun, 4 Aug 2013 08:17:54 -0700 Message-ID: <20130804151754.8189758097@chaos.jnpr.net> MIME-Version: 1.0 Content-Type: text/plain X-OriginatorOrg: juniper.net X-FOPE-CONNECTOR: Id%0$Dn%*$RO%0$TLS%0$FQDN%$TlsDn% Cc: svn-src-head@FreeBSD.org, svn-src-all@FreeBSD.org, Hiroki Sato , src-committers@FreeBSD.org X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 04 Aug 2013 15:33:12 -0000 >> Thank you for your comments. Can you review the attached patch? If >> there is no problem, I will commit this and MFC to stable branches. Looks good. But don't commit it untested ;-) I can test it for you. >Perhaps it is best to commit this patch, but also add a warning to >filemon(4) that it should not be loaded on systems with untrusted users >or the permissions on /dev/filemon should be restricted (via >/etc/devfs.rules). That would largely defeat the purpose. This driver was written to overcome issues with dtrace: a/ it needed privs beyond normal user b/ it could not reliably provide path of binary being exec'd c/ performace #b is probably fixable, but the fix could not be relied on to exist everywhere. This driver looks at a very limited set of syscalls, and does not report anything beyond pathnames read/written/exec'd. In the NetBSD version I even dropped stat calls as being unnecessary (for make). dtrace would meet many of Robert's criteria for a general purpose functionality but allows far more functionality, and apart from the issues above, cannot (I'm told) be ported to linux. A simple driver like this can be.