On Sun, Jan 05, 2003 at 03:02:18PM -0800, Terry Lambert wrote:
> This is a much larger problem than you make it out to be.

Yes, right, using vnodes is a bad idea, sorry.
I'll describe my problem precisely.
I'm writing a kld module where it has to be done.

I've got two choices:
    - getting the path from the cache, but this doesn't make me 100% sure
      that I'll get the path (even if it exists),
    - (ugly) catching syscalls:
        + open(),
        + chdir(),
        + fchdir(),
        + execve(),
      adding two of my functions to at_exit() and at_fork() and (this is
      ugly as fuck) remembering and switching the functions that are called
      on descriptor close (p->p_fd->fd_ofiles[X]->f_ops->fo_close()).

With the second strategy I could cache filenames:
    - name of the executable per process (on execve()),
    - name of the opened file per file descriptor
      (p->p_fd->fd_ofiles[X], on open()),
    - and only the name of the working directory per vnode (there can't be
      hardlinks to a directory, so...; on [f]chdir()).

A struct for this could look like:

    struct mycache {
            union {
                    struct file     *mc_fp;
                    struct proc     *mc_proc;
                    struct vnode    *mc_vp;
            } myunion;
            u_int   mc_ref;
            u_char  mc_type;
    #define MYTYPE_FILE     0
    #define MYTYPE_PROC     1
    #define MYTYPE_VNODE    2
    };
    #define mc_fp           myunion.mc_fp
    #define mc_proc         myunion.mc_proc
    #define mc_vp           myunion.mc_vp

Reference counts are updated on every open/fo_close (for MYTYPE_FILE),
execve/exit/fork (for MYTYPE_PROC) and fork/chdir/fchdir (for MYTYPE_VNODE).

But as you can see, now, if I want to get the functionality I want, I need
to be _very_ nasty (and evil of course):)

This could be useful in the future, for example in MAC functionality.
Now we've got:

    static int
    mac_none_check_vnode_stat(struct ucred *active_cred, struct ucred *file_cred,
        struct vnode *vp, struct label *label)
    {
            [...]
    }

or:

    static int
    mac_none_check_vnode_write(struct ucred *active_cred, struct ucred *file_cred,
        struct vnode *vp, struct label *label)
    {
            [...]
    }

or even:

    static int
    mac_none_setlabel_vnode_extattr(struct ucred *cred, struct vnode *vp,
        struct label *vlabel, struct label *intlabel)
    {
            [...]
    }

So I'm not able to create policy rules based on filenames.

-- 
Pawel Jakub Dawidek
UNIX Systems Administrator
http://garage.freebsd.pl
Am I Evil? Yes, I Am.
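
A userland model of the reference-counted name cache sketched in the message above, added here as an example; it is not code from the post or from FreeBSD. The `mc_key` and `mc_path` fields, the table sizes and the `mc_hold`/`mc_release`/`mc_lookup` helpers are assumptions made for the illustration; the point shown is that an entry must stop resolving once its last reference is dropped, because the same address can later belong to a different object.

```c
#include <stdio.h>
#include <string.h>
enum { MYTYPE_FILE, MYTYPE_PROC, MYTYPE_VNODE };  /* 0, 1, 2 as in the message */
enum { MC_SLOTS = 16, MC_PATHLEN = 64 };          /* assumption: sizes for this model */

static struct mycache {
    const void *mc_key;        /* assumption: stands in for the fp/proc/vp union */
    unsigned int mc_ref;
    unsigned char mc_type;
    char mc_path[MC_PATHLEN];  /* assumption: the cached name */
} mc_table[MC_SLOTS];

/* Only live entries (mc_ref > 0) match, so a fully released key never resolves. */
static struct mycache *mc_find(int type, const void *key) {
    for (struct mycache *mc = mc_table; mc < mc_table + MC_SLOTS; mc++)
        if (mc->mc_ref > 0 && mc->mc_type == type && mc->mc_key == key)
            return mc;
    return NULL;
}

/* open()/execve()/chdir() side: take a reference; the first recorded name is kept. */
static int mc_hold(int type, const void *key, const char *path) {
    struct mycache *mc = mc_find(type, key);
    if (mc != NULL) { mc->mc_ref++; return 0; }
    if (strlen(path) >= MC_PATHLEN) return -1;       /* never cache a truncated name */
    for (mc = mc_table; mc < mc_table + MC_SLOTS && mc->mc_ref != 0; mc++)
        continue;                                    /* stop at the first free slot */
    if (mc == mc_table + MC_SLOTS) return -1;        /* table full */
    mc->mc_key = key; mc->mc_type = (unsigned char)type; mc->mc_ref = 1;
    strcpy(mc->mc_path, path);
    return 0;
}

/* fo_close()/exit() side: returns references left, or -1 for an unknown key. */
static int mc_release(int type, const void *key) {
    struct mycache *mc = mc_find(type, key);
    return mc != NULL ? (int)--mc->mc_ref : -1;
}
static const char *mc_lookup(int type, const void *key) {
    struct mycache *mc = mc_find(type, key);
    return mc != NULL ? mc->mc_path : NULL;
}

int main(void) {
    static int fp;  /* constructed stand-in for a struct file address */
    mc_hold(MYTYPE_FILE, &fp, "/etc/motd");
    mc_release(MYTYPE_FILE, &fp);
    puts(mc_lookup(MYTYPE_FILE, &fp) == NULL ? "released: no name" : "stale name");
    return 0;
}
```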