site_archiver@lists.apple.com Delivered-To: darwin-kernel@lists.apple.com On Jun 15, 2007, at 2:59 AM, Yogesh Kulkarni wrote: This is the behaviour as defined for the KAUTH_FILEOP scope. = Mike _______________________________________________ Do not post admin requests to the list. They will be ignored. Darwin-kernel mailing list (Darwin-kernel@lists.apple.com) Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/darwin-kernel/site_archiver%40lists.a... I am writing a kext module which monitors file system activities and generates events, by taking help of 'Sample Code Project KauthOrRama' in Technical Note 2127 for Kernel Authorization. But KAuth is generating event after the action (e.g. READ / WRITE) takes place on the file. In our Application, we require that event should be generated before the actual action on the file is performed. Your KAUTH plugin can elect to participate in the authorisation phase by registering in the KAUTH_VNODE scope, however it is important to note that you may see operations that are not performed (due to another participant refusing the operation). There are also operations which are not authorised, in which case you won't see them at all. Is it possible with Kauth ? If not, what are the other ways of doing the same ? The fact that you care about being notified before the operation suggests that you have some desire to refuse, modify or defer some operations. Is this the case? If you can explain some more about your Application, we may be able to help you further. This email sent to site_archiver@lists.apple.com