Re: Using VFS operations for a given nod

• Subject: Re: Using VFS operations for a given nod
• From: Michael Smith <email@hidden>
• Date: Wed, 25 Jul 2007 23:05:00 -0700
• Delivered-to: email@hidden
• Delivered-to: email@hidden

On Jul 25, 2007, at 12:04 PM, email@hidden wrote:

As a general rule, if you think you want to initiate operations on
files, file attributes, pathnames etc. from the kernel you have made
a design error and need to stop and re-evaluate what you are doing.

That's usually true although I don't see any other method that is more
elegant - maybe you do, so let me explain what I'm trying to do :

===
- open() is hooked with Kauth

- if there is some special extended attribute set on the opening file,
handle some security issues before returning a file descriptor, else,
return the proper fd.
===

Do you see any other way to keep track of the files handled by the
security module? (please note that the extended attribute holds some
meaningful data for the kernel)

Sure, now we can question about the purpose of the security module,
why it has to rely on userspace data, etc... but focusing on the
approach I've described, do you see any other solution to keep track
about which files to handle in a special manner?

In almost every case, what you are trying to do should be handled in
user space.

I'd say this is an exception.

 = Mike

_______________________________________________
Do not post admin requests to the list. They will be ignored.
Darwin-dev mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/darwin-dev/email@hidden

• Follow-Ups:
  • Re: Using VFS operations for a given nod
    • From: "Standard Azi" <email@hidden>

• Prev by Date: Re: Using VFS operations for a given node
• Next by Date: Re: Using VFS operations for a given node
• Previous by thread: Re: [darwin-dev] Future for read_random ?
• Next by thread: Re: Using VFS operations for a given nod
• Index(es):
  • Date
  • Thread