Hi, I just want to say that FUSE is really interesting project but from my point of view it is not a good idea to use it for the on-access scanning. I will try to explain why.
1) I think that FUSE should be used for a user-space filesystem implementation and not for changing existing filesystem behavior. 2) It is not possible to pass control down to the real filesystem driver like e.g. in LSM or FiST based filesystems. You have to use mappings from FUSE root to the real root in user-space like ClamFS does. 3) There are two paths how to access files. One via the real root and second via the FUSE(ClamFS) root. This means that only files accessed via the FUSE root will be scanned. So it is not possible to provide a real on-access scanning because users can access files via the real root which is not under on-access scanner control. Same problem is with LD_PRELOAD. This approach, I think, is used in one Eset's approach for on-access scanning. I think it is really wrong if a user is able to pass by an on-access scanner. You can solve this by changing access rights on the real root(directory). But what about system directories like /bin etc. 4) Performance, performance, performance ..... :( This will never be even close to the kernel based on-access scanner performance. All operations have to be implemented in the user-space not only operations needed by the on-access scanner. This means that all operations will be redirected to the user-space. In each operation you need to do mappings from the FUSE root to the real root. Look at the fixpath function in the clamfs.cxx file. Just compare it with the in kernel mappings(e.g. FiST). -- Regards, Frantisek Hrbata GRISOFT, s.r.o. tel. : +420 549 524 011 mailto: [EMAIL PROTECTED] _______________________________________________ Dazuko-devel mailing list [email protected] http://lists.nongnu.org/mailman/listinfo/dazuko-devel
