Delivered-To: darwin-kernel@lists.apple.com

On Nov 24, 2007, at 3:32 PM, Damir Dezeljin <mac@dezo.org> wrote:

> Hi,
>
> By reading TN2127 and list posts I managed to develop a 'KAUTH_SCOPE_FILEOP'
> KEXT on OS X 10.4 that sends file paths on open to user space and blocks
> execution until the reply is received. This is fine; however, I would need
> to block certain access to files. As I know (TN2127 states it) this is not
> possible within KAUTH_SCOPE_FILEOP as the return value is ignored. So it
> seems I have to use the KAUTH_SCOPE_VNODE scope.
>
> However, as I know, it is impossible to 'filter' only open operations
> (access) in the VNODE scope. Am I right? Well, my concern is I want to
> minimize the kernel <-> user space traffic and so I would like to request
> user-space processing only once per file open lifetime (until the close()).
> Please, can anyone give me a suggestion on how to address this issue?

I believe you are looking for the KAUTH_VNODE_ACCESS bit not being set.

> Another thing I'm looking for is the possibility to attach some kind of
> 'file context' to the file on open. This would help a lot as I would be
> able to do the user-space processing on KAUTH_SCOPE_FILEOP and attach
> results for all subsequent VNODE callbacks related to the mentioned file.
> However, I guess this is not possible, but please correct me if I'm wrong.

For your per vnode data: sorry, you have to maintain your own table. On the
other hand, you could add a MAC label, but be aware that that's not KPI, you
would have to link against the entire kernel each time a software update
happens, and it could change out from under you.

> Additionally - is there any way to avoid calling vn_getpath() for every
> vnode callback (e.g. if it was already called for the opened file)?

For vn_getpath(), it really depends on why you think you need the file name.
It's best to check which bits are set and just prefilter requests. If you
can't do that, then when you get one in, you could always just look it up in
your table.

> And the last question for today -> I found two or three different VNODE
> callback parameter explanations on the internet. Where can I get the
> 'official' (the correct) one?

For your last question, parameters vary by callback. If we didn't document
it, it's probably because you can't rely on them for all calls.

> Thanks and best regards,
> Damir

-- Terry

_______________________________________________
Do not post admin requests to the list. They will be ignored.
Darwin-kernel mailing list (Darwin-kernel@lists.apple.com)
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/darwin-kernel/tlambert%40apple.com

This email sent to tlambert@apple.com
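Terry's two suggestions in the thread above (prefilter on the action bits so access(2) probes never cost a round trip, and keep your own per-vnode table from open until close) as an added example, not code from the thread or from Apple: a user-space model of the vnode-scope listener's decision logic. It assumes the KAUTH_* values restated below match <sys/kauth.h> on the OS X release in use, and represents the blocking trip to user space by a -1 return rather than a real wait.

```c
/* Added example, not from the thread: user-space model of the vnode-scope
 * decision logic. KAUTH_* values restated from <sys/kauth.h> (assumed to
 * match that header) so this builds without kernel headers. */
#include <stdbool.h>
#include <stdint.h>
#define KAUTH_VNODE_READ_DATA  (1U << 1)
#define KAUTH_VNODE_WRITE_DATA (1U << 2)
#define KAUTH_VNODE_EXECUTE    (1U << 3)
#define KAUTH_VNODE_ACCESS     (1U << 31)  /* set on access(2)-style probes */
#define KAUTH_RESULT_DENY  2
#define KAUTH_RESULT_DEFER 3
#define ASK_USERSPACE      (-1)             /* models the blocking round trip */

/* Prefilter on the action bits: only real read/write/execute requests (what
 * an open turns into) earn a round trip; ACCESS probes are never forwarded. */
bool needs_userspace_decision(uint32_t action) {
    if (action & KAUTH_VNODE_ACCESS) return false;
    return (action & (KAUTH_VNODE_READ_DATA | KAUTH_VNODE_WRITE_DATA |
                      KAUTH_VNODE_EXECUTE)) != 0;
}

/* The "own table": verdicts keyed by vnode identity (the vnode_t pointer in a
 * KEXT, an opaque id here), kept from open until the close path drops them. */
#define TABLE_SIZE 64
struct entry { uintptr_t vnode; int verdict; bool used; };
static struct entry table[TABLE_SIZE];

static struct entry *find(uintptr_t vnode) {
    for (int i = 0; i < TABLE_SIZE; i++)
        if (table[i].used && table[i].vnode == vnode) return &table[i];
    return 0;
}

bool cache_verdict(uintptr_t vnode, int verdict) {
    struct entry *e = find(vnode);
    for (int i = 0; !e && i < TABLE_SIZE; i++)
        if (!table[i].used) e = &table[i];
    if (!e) return false;            /* table full: keep asking user space */
    e->vnode = vnode; e->verdict = verdict; e->used = true;
    return true;
}

bool drop_verdict(uintptr_t vnode) { /* call from the close path */
    struct entry *e = find(vnode);
    if (e) e->used = false;
    return e != 0;
}

/* Listener decision: DEFER to the normal permission check for anything the
 * prefilter rejects; otherwise answer from the table or ask user space once. */
int vnode_listener_decide(uintptr_t vnode, uint32_t action) {
    if (!needs_userspace_decision(action)) return KAUTH_RESULT_DEFER;
    struct entry *e = find(vnode);
    return e ? e->verdict : ASK_USERSPACE;
}
```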