Re: File change notification

[Michael Clark]

On 01/01/04 09:58, Dave Jones wrote:
> On Thu, Jan 01, 2004 at 09:28:08AM +0800, Michael Clark wrote:
>  > Have you had a look at dazuko. It provides a consistent file access
>  > notification mechanism (and also intervention for denying access) across
>  > linux and freebsd. It is currently being used by various on-access
>  > virus scanners. It is under active development and supports 2.6 (and 2.4)
>
> Candidate for "Wackiest sys_call_table patching 2004".
> In a word "ick". Code not to be read on a full stomach.

Oh well, hadn't read the kernel code yet. Although certainly the *goal* is
a good one - a cross platform interface for file change notification.

Yes I see what you mean after having a look. Would make sense to convert
this over to use only LSM hooks (which it appears to use already) if that
was possible - or maybe could be done using a VFS proxy filesystem that
monitors/relays calls to an underlying fs.

The userspace interface appears relatively sane with its chardev interface
although due to it's ability to intervene on file access, it creates a
single point of failure that can livelock the machine if the userspace
monitoring proccess dies. This could be worked around if the poilicy
was to go unmonitored in the case that the userspace process dies.

~mc

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/