Date: Tue, 7 Jan 2003 01:36:13 +0100
From: Pawel Jakub Dawidek <P.Dawidek@prioris.mini.pw.edu.pl>
To: Terry Lambert <tlambert2@mindspring.com>
Cc: freebsd-hackers@freebsd.org
Subject: Re: Caching [sugestion].
Message-ID: <20030107003613.GG6825@prioris.mini.pw.edu.pl>
In-Reply-To: <3E1A1702.2E592C16@mindspring.com>
References: <20030105215024.GB99855@prioris.mini.pw.edu.pl> <3E18B97A.32ABAE7@mindspring.com> <20030106074005.GB6825@prioris.mini.pw.edu.pl> <3E1A1702.2E592C16@mindspring.com>

On Mon, Jan 06, 2003 at 03:53:38PM -0800, Terry Lambert wrote:
+> If this were my job to do, I would either take the approach of
+> changing how hard links and vmobject_t references are implemented,
+> or I would disallow hard links, and add a "parent inode" field in
+> one of the spare fields in each inode.
+>
+> If you did either one of these, then you could always ask the open
+> file for the vnode, and add a VOP that took the vnode, got the inode,
+> and then traversed to the root, looking in the parent for the inode
+> of the object itself.

Yes, but I need this functionality from a kld module and there are no
tools for that in the kernel atm.

+> > So I'm not able to create policy rules based on filenames.
+>
+> That's precisely correct: you are unable to create policy rules
+> based on file names, because file names are references to files,
+> and are not themselves file instances. This is not FAT32, where
+> there is a 1:1 identity relationship between a directory entry and
+> an inode. And that's the origin of your problem.

Yes, I know that (the suggestion of getting file names (not directory
names only) from the vnode was a mistake).
That's why I think that there should be some caching mechanism
that should remember the file name of every opened file, the name of the
executable and the working directory.

Example rules:
We want to permit those operations:
- opening file /etc/master.passwd for read only,
- opening files that match /tmp/temp.* for write,
- changing mode of files /tmp/temp.* to '0666', BUT via fchmod(2).

How to do that correctly? There is no chance to do this in a simple, clean way.
I've returned to my old, ugly way - caching filenames on open(2) - it's
working fine, but is complicated, because I need to catch calls of
p->p_fd->fd_ofiles[X]->f_ops->fo_close() functions.

-- 
Pawel Jakub Dawidek
UNIX Systems Administrator
http://garage.freebsd.pl
Am I Evil? Yes, I Am.