One other thing that kind of bothers me is that dazuko (when using syscall hooking) reports file accesses for non-existent files.
For example, if a perl interpreter is looking for a file in its @INC path list, it simply tries to open the file in every one of those directories. Dazuko faithfully reports all of these OPEN events.

One might think that a dazuko daemon simply needs to stat() the path given by dazuko to figure out if the file exists or not, but that's not always possible. The file might be on an NFS server or on some other file system where you have to run in the context of the user to even see the file.

When dazuko is using LSM, it only reports OPEN and EXEC events for successful file opens or executions, which makes life a bit easier for the dazuko daemon.

Could dazuko allow the open syscall to first complete and only if it is successful, ask the dazuko daemon if the result can be returned to the user or not?

-- Sami
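An added example, not part of the original message and not dazuko code: a daemon-side stat() check that separates "provably missing" from "cannot tell", so that events for paths the daemon cannot see (the NFS case above) are still scanned. The names `classify_path` and `should_scan` are hypothetical, and treating ENOENT as proof of absence assumes the daemon sees the same mount namespace as the process that triggered the event.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/stat.h>

/* Hypothetical verdicts for a path taken from a reported OPEN event. */
enum path_state { PATH_EXISTS, PATH_ABSENT, PATH_UNKNOWN };

/* Classify a reported path from the daemon's own context.
 * Only errors that say the name itself is missing count as ABSENT.
 * Anything else (EACCES on a root-squashed NFS export, ESTALE, EIO, ...)
 * means the daemon cannot tell, and the caller must not skip the event.
 * Assumption: the daemon shares the caller's view of the file system,
 * otherwise even ENOENT proves nothing. */
enum path_state classify_path(const char *path)
{
    struct stat st;

    if (stat(path, &st) == 0)
        return PATH_EXISTS;

    switch (errno) {
    case ENOENT:   /* final component or a parent does not exist */
    case ENOTDIR:  /* a parent component is not a directory */
        return PATH_ABSENT;
    default:
        return PATH_UNKNOWN;
    }
}

/* Fail toward scanning: drop only events that are provably for missing
 * files. The check is still racy, since the file can appear after stat(). */
int should_scan(enum path_state s)
{
    return s != PATH_ABSENT;
}

int main(void)
{
    /* Constructed sample paths, standing in for paths from OPEN events. */
    const char *samples[] = { "/", "/constructed-missing-dir/Foo.pm" };
    static const char *names[] = { "exists", "absent", "unknown" };

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        enum path_state s = classify_path(samples[i]);
        printf("%-35s %-8s scan=%d\n", samples[i], names[s], should_scan(s));
    }
    return 0;
}
```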
