RE: Blocking file access within KAUTH
- Subject: RE: Blocking file access within KAUTH
- From: "Jernej Azarija" <email@hidden>
- Date: Mon, 26 Nov 2007 12:00:55 +0100
- Thread-topic: Blocking file access within KAUTH
Hello!
>Hi,
>
>By reading the TN2127 and list posts I managed to develop a KEXT
>'KAUTH_SCOPE_FILEOP' on OS X 10.4 that sends file paths on open to user space
>and blocks the execution until the reply is received. This is fine;
Great job! ;-)
>however, I would need to block certain access to files. As I know (TN2127
>states it) this is not possible within KAUTH_SCOPE_FILEOP as the return
>value is ignored.
What exactly do you mean by blocking certain access to files? What kind of access?
>So it seems I have to use the KAUTH_SCOPE_VNODE scope. However, as I know,
>it is impossible to 'filter' only open operations (access) in the VNODE
>scope. Am I right?
Well, either you hook the whole vnode scope, or you don't.
>Well, my concern is I want to minimize the kernel <->
>user space traffic and so I would like to request user-space processing only
>once per file open lifetime (until the close() ).
>Please, can anyone give me a suggestion how to address this issue?
>Additionally - is there any way how to avoid calling vn_getpath() for every
>vnode callback (e.g. if it was already called for the opened file)
It seems like you're concerned by performance issues. Are your concerns motivated by benchmarks?
>And the last question for today -> I found two or three different VNODE
>callback parameters explanations on the internet. Where can I get the
>'official' (the correct) one?
TN2127 should be fine, although I found it better to rely on the source code for info ;)