RE: Kernel authorization (Kauth) from user space
RE: Kernel authorization (Kauth) from user space
- Subject: RE: Kernel authorization (Kauth) from user space
- From: "Jernej Azarija" <email@hidden>
- Date: Thu, 11 Oct 2007 18:05:08 +0200
- Thread-topic: Kernel authorization (Kauth) from user space
Title: RE: Kernel authorization (Kauth) from user space
Heya!
> 1) The recommended way from the technical documentation is to read/write in
>kernel, but all the mailing lists discussions say to do it in user space.
In userspace? It depends on what you need to accomplish.
> 2) Assuming that I send the path from kernel to the user space daemon
>(returned by vn_getpath from the vnode parameter) , I have the following
>issues:
Actually, one of the kauth hook function arguments is the relevant path name -
you just have to cast it to (char *).
> - for files with paths longer than MATXPAHTLEN (1024) , which can be
>created with Finder:
> - vn_getpath returns error 28 (KERN_INVALID_POLICY)
> - the callback for OPEN/CLOSE actions is called with empty
>path (arg1) or it's not called at all
Use the supplied path as said. You'll only have to play about transfering the path to userspace.
> 3) A second option could be to have a file descriptor in the daemon's files
>table, directly created from kernel space from vnode parameter:
> - but it seems that there's no KPI for this, not even some exported
>BSD functions (falloc)
Yeah, playing with the kernel is not too deeply supported by BSD's.
> 4) Another possible solution seems to be using VNOP_READ/VNOP_WRITE in
>kernel space and transfer data to daemon
If you only need to hook open/close, use KAUTH_SCOPE_FILEOP. It's not reasonable to hook VNODE operations - at last from the performance view.
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Darwin-kernel mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden