Mike, thanks for your comments.
You can't "write a kext that hooks into the file system stack". The VFS KPI is a one-to-one contract between the kernel and a filesystem; it does not support interposition by a third party.
I've heard several times the term "stackable file system". I assumed this meant that file system calls get passed in a way that provides for filtering of them before they reach the final FS handler?
What do you mean by "got written"? Created? Modified? Do you want one log entry for each operation, or just a summary?
One entry for each operation so that I know whenever a file gets modified.
What do you plan to do about files that move after they are opened? Deleted after they are opened?
I like to be able to record these events in my log as well.
Opened twice via different paths? Not opened by path at all? Opened on remote filesystems without persistent IDs? Opened via context-sensitive
I only care for user-accessible files on local disks, no need for monitoring remote FSs or device drivers.
if you plan to write something that works this closely with the system, you must understand how files actually work.
You mean, how they work in Unix. I've once written something like this for Mac OS 9. There, this was relatively easy: I would, for instance, filter the "Write" calls. Such calls would get a file handle passed, of course. I could then look up the file handler and find out which file record this write belongs to. This information was readily available thru system-provided FS-level calls. The file record would contain the name and directory node ID, which would allow me later to identify the file again. Are you implying that there's no way to identify a directory entry by the handle that gets passed to a FS write call? Probably because you can have multiple hard links to a file and thus there's no way telling which open() call (for which dir entry) did create the handle? In that case, I'd have to monitor open calls myself and build my own table to identify the handles of write calls, right?

Thomas