• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Re: File level action protocol
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: File level action protocol

  • Subject: Re: File level action protocol
  • From: Thomas Tempelmann <email@hidden>
  • Date: Wed, 6 Jul 2005 09:26:54 +0200
Mike,
thanks for your comments.

>You can't "write a kext that hooks into the file system stack".   The
>VFS KPI
>is a one-to-one contract between the kernel and a filesystem; it does
>not support interposition by a third party.

I've heard several times the term "stackable file system". I assumed this
meant that file system calls get passed in a way that provides for
filtering of them before they reach the final FS handler?

>What do you mean by "got written"?  Created?  Modfied?
>Do you want one log entry for each operation, or just a summary?

One entry for each operation so that I know whenever a file gets modified.

> What do you plan to do about files that move after they are opened?
> Deleted after they are  opened?

I like to be able to record these events in my log as well.

>Opened twice via different paths?  Not opened by path at all?  Opened
>on remote filesystems without persistent IDs?  Opened via context-
>sensitive

I only care for user-accessible files on local disks, no need for
monitoring remote FSs or device drivers.

>if you plan to write something that
>works this closely with the system, you must understand how files
>actually work.

You mean, how they work in Unix.

I've once written something like this for Mac OS 9. There, this was
relatively easy:

I would, for instance, filter the "Write" calls. Such calls would get a
file handle passed, of course. I could then look up the file handler and
find out which file record this write belongs to. This information was
readily available thru system-provided FS-level calls.
The file record would contain the name and directory node ID, which would
allow me later to identify the file again.

Are you implying that there's no way to identify a directory entry by the
handle that gets passed to a FS write call?
Probably because you can have multiple hard links to a file and thus
there's no way telling which open() call (for which dir entry) did create
the handle?

In that case, I'd have to monitor open calls myself and build my own
table to identify the handles of write calls, right?

Thomas
 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Darwin-kernel mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:

This email sent to email@hidden
  • Follow-Ups:
    • Re: File level action protocol
      • From: Mike Smith <email@hidden>
    • Re: File level action protocol
      • From: Quinn <email@hidden>
  • Prev by Date: File Close event - hooks
  • Next by Date: Re: File level action protocol
  • Previous by thread: Re: File level action protocol
  • Next by thread: Re: File level action protocol
  • Index(es):
    • Date
    • Thread