Hi,

Instead of a KAUTH_SCOPE_FILEOP callback you need a KAUTH_SCOPE_VNODE callback. Registered KAUTH_SCOPE_VNODE callbacks are called with KAUTH_VNODE_ADD_FILE and KAUTH_VNODE_ADD_SUBDIRECTORY from the clonefile system call. Though it is not possible to distinguish clonefile inside a KAUTH callback from operations with the same KAUTH_VNODE_* operations. You either need to backtrace a call stack from the KAUTH callback or use an undocumented option of registering a MAC vnode_check_clone callback.

Regards,
Slava Imameev

On Wed, Oct 24, 2018 at 10:40 AM Craig Davison <craig65535@gmail.com> wrote:
Hello,
Is there a way to monitor clonefile operations with the kauth kpi? I don't see any relevant KAUTH_FILEOP_* in sys/kauth.h.
Thank you,
--
Craig Davison
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Darwin-kernel mailing list (Darwin-kernel@lists.apple.com)
Help/Unsubscribe/Update your Subscription:
https://lists.apple.com/mailman/options/darwin-kernel/slava.imameev%40gmail....
This email sent to slava.imameev@gmail.com
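A sketch of the KAUTH_SCOPE_VNODE listener described in the reply, added here as an example and not code from the thread or from Apple. The names `classify_add`, `vnode_cb`, `start_monitor` and `stop_monitor` are hypothetical, and the constants in the non-kernel branch are stand-ins assumed to match sys/kauth.h so the classifier can be exercised outside a kext.

```c
#ifdef KERNEL
#include <sys/kauth.h>
#include <sys/vnode.h>
#else
/* Stand-ins (assumed to match sys/kauth.h) for a user-space build. */
typedef int kauth_action_t;
#define KAUTH_VNODE_WRITE_DATA       (1U << 2)
#define KAUTH_VNODE_ADD_FILE         (1U << 2)   /* same bit, meaning on a directory */
#define KAUTH_VNODE_APPEND_DATA      (1U << 5)
#define KAUTH_VNODE_ADD_SUBDIRECTORY (1U << 5)   /* same bit, meaning on a directory */
#define KAUTH_VNODE_ACCESS           (1U << 31)  /* advisory request */
#endif

enum add_kind { ADD_NONE = 0, ADD_FILE = 1, ADD_SUBDIR = 2 };

/* Return a bitmask of enum add_kind for one vnode authorization request.
 * The ADD_* bits alias WRITE_DATA/APPEND_DATA, so they only mean
 * "add an entry" when the vnode being authorized is a directory. */
static int classify_add(kauth_action_t action, int vp_is_dir)
{
    int kinds = ADD_NONE;

    if (!vp_is_dir)
        return ADD_NONE;              /* plain write/append on a file */
    if (action & KAUTH_VNODE_ACCESS)
        return ADD_NONE;              /* advisory check, nothing is being created */
    if (action & KAUTH_VNODE_ADD_FILE)
        kinds |= ADD_FILE;
    if (action & KAUTH_VNODE_ADD_SUBDIRECTORY)
        kinds |= ADD_SUBDIR;
    return kinds;
}

#ifdef KERNEL
static kauth_listener_t g_listener;

static int vnode_cb(kauth_cred_t cred, void *idata, kauth_action_t action,
                    uintptr_t arg0, uintptr_t arg1, uintptr_t arg2, uintptr_t arg3)
{
    vnode_t vp = (vnode_t)arg1;       /* vnode being authorized */
    int kinds = classify_add(action, vp != NULL && vnode_isdir(vp));

    if (kinds) {
        /* Record the event here. As the reply notes, this can be clonefile
         * or any other operation that requests the same KAUTH_VNODE_* bits. */
    }
    return KAUTH_RESULT_DEFER;        /* observe only, leave the decision to others */
}

void start_monitor(void) { g_listener = kauth_listen_scope(KAUTH_SCOPE_VNODE, vnode_cb, NULL); }
void stop_monitor(void)  { if (g_listener) kauth_unlisten_scope(g_listener); }
#endif
```
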