site_archiver@lists.apple.com Delivered-To: Darwin-kernel@lists.apple.com Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=cvcEcXMKPd+urUXBTlGYtM7ad1RccCGKGwPuZajOQxY=; b=veWEHs8sKuXHOKwxdJ0EAmKOl3BTBk9LPwRW4PY0glJepA0iAsR/3ULsPyTl/iMJx3 D1wdvTDvzD9G1hWy++/QMw43RK+pi8PqZTRUEtmGmXJaT4Yjz8DRZeg7014CXVgdOtPq JWe3uDSE8iqgRSiXZbo/q6XJhAEiAATDkO8kTbiBn40d1a0gYQ/O0gmwY4Tbd80ec2Ks mPpP7/Ij/o/zfS3rFWfd6YVaM2vhiO9fj45WXFIEyvNAwgeVWHSivkSbkfqIOjQn+f8b Z24q7x7BcRB/bW1cI/PxZV5UvrgbYOKKK+lZcs54xIIbUBCZia+YETrPSzWMhTBG+HBV nbrA== Thank you, Slava. That is very helpful -- Craig Davison On Wed, Oct 24, 2018 at 2:05 AM Slava Imameev <slava.imameev@gmail.com> wrote:
Hi,
Instead of a KAUTH_SCOPE_FILEOP callback you need a KAUTH_SCOPE_VNODE callback. Registered KAUTH_SCOPE_VNODE callbacks are called with KAUTH_VNODE_ADD_FILE and KAUTH_VNODE_ADD_SUBDIRECTORY from the clonefile system call. Though it is not possible to distinguish clonefile inside KAUTH callback from operations with the same KAUTH_VNODE_* operations. You either need to backtrace a callstack from KAUTH callback or use an undocumented option of registering MAC vnode_check_clone callback.
Regards, Slava Imameev
On Wed, Oct 24, 2018 at 10:40 AM Craig Davison <craig65535@gmail.com> wrote:
Hello,
Is there a way to monitor clonefile operations with the kauth kpi? I don't see any relevant KAUTH_FILEOP_* in sys/kauth.h.
Thank you, -- Craig Davison _______________________________________________ Do not post admin requests to the list. They will be ignored. Darwin-kernel mailing list (Darwin-kernel@lists.apple.com) Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/darwin-kernel/slava.imameev%40gmail....
This email sent to slava.imameev@gmail.com
_______________________________________________ Do not post admin requests to the list. They will be ignored. Darwin-kernel mailing list (Darwin-kernel@lists.apple.com) Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/darwin-kernel/site_archiver%40lists.... This email sent to site_archiver@lists.apple.com