On Mon, Jan 06, 2003 at 03:53:38PM -0800, Terry Lambert wrote:
> If this were my job to do, I would either take the approach of
> changing how hard links and vmobject_t references are implemented,
> or I would disallow hard links, and add a "parent inode" field in
> one of the spare fields in each inode.
>
> If you did either one of these, then you could always ask the open
> file for the vnode, and add a VOP that took the vnode, got the inode,
> and then traversed to the root, looking in the parent for the inode
> of the object itself.

Yes, but I need this functionality from a kld module and there are no
tools for that in the kernel atm.

> > So I'm not able to create policy rules based on filenames.
>
> That's precisely correct: you are unable to create policy rules
> based on file names, because file names are references to files,
> and are not themselves file instances. This is not FAT32, where
> there is a 1:1 identity relationship between a directory entry and
> an inode. And that's the origin of your problem.

Yes, I know that (the suggestion of getting file names (not only
directory names) from the vnode was a mistake).
That's why I think that there should be some caching mechanism that
should remember the file name of every opened file, the name of the
executable and the working directory.

Example rules:
We want to permit those operations:
- opening file /etc/master.passwd for read only,
- opening files that match /tmp/temp.* for write,
- changing mode of files /tmp/temp.* to '0666', BUT via fchmod(2).

How to do that correctly? There is no chance to do this in a simple,
clean way.

I've returned to my old, ugly way - caching filenames on open(2) - it's
working fine, but is complicated, because I need to catch calls of
p->p_fd->fd_ofiles[X]->f_ops->fo_close() functions.

-- 
Pawel Jakub Dawidek
UNIX Systems Administrator
http://garage.freebsd.pl
Am I Evil? Yes, I Am.
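
A user-space C model of the caching approach described in the message, added here as an illustration and not code from the original post or from FreeBSD: the name is recorded at open time, looked up when fchmod supplies only a descriptor, and dropped on close. The hook_* functions, table sizes and descriptor numbers are hypothetical; glob matching uses fnmatch(3).

```c
/* User-space model of a per-descriptor name cache; not kernel code. */
#include <fnmatch.h>
#include <stdio.h>
#include <string.h>
#define MAXFD 16
#define PATHLEN 128
enum op { OP_OPEN_RD, OP_OPEN_WR, OP_FCHMOD };
struct rule { enum op op; const char *pattern; int mode; /* -1 = any mode */ };
/* The three example rules from the message. */
static const struct rule rules[] = {
    { OP_OPEN_RD, "/etc/master.passwd", -1 },
    { OP_OPEN_WR, "/tmp/temp.*", -1 },
    { OP_FCHMOD, "/tmp/temp.*", 0666 },
};
static char fd_name[MAXFD][PATHLEN]; /* name remembered at open time */

static int permitted(enum op op, const char *path, int mode)
{
    for (size_t i = 0; i < sizeof(rules) / sizeof(rules[0]); i++)
        if (rules[i].op == op && (rules[i].mode == -1 || rules[i].mode == mode)
            && fnmatch(rules[i].pattern, path, FNM_PATHNAME) == 0)
            return 1;
    return 0;
}
/* open(2) hook: check the rule, then cache the name under the descriptor. */
static int hook_open(int fd, const char *path, int writing)
{
    if (fd < 0 || fd >= MAXFD || strlen(path) >= PATHLEN) return 0;
    if (!permitted(writing ? OP_OPEN_WR : OP_OPEN_RD, path, -1)) return 0;
    strcpy(fd_name[fd], path);
    return 1;
}
/* fchmod(2) hook: only a descriptor is passed, so consult the cached name. */
static int hook_fchmod(int fd, int mode)
{
    if (fd < 0 || fd >= MAXFD || fd_name[fd][0] == '\0') return 0;
    return permitted(OP_FCHMOD, fd_name[fd], mode);
}
/* close hook: forget the name so a reused descriptor starts clean. */
static void hook_close(int fd) { if (fd >= 0 && fd < MAXFD) fd_name[fd][0] = '\0'; }

int main(void)
{
    hook_open(3, "/tmp/temp.a1", 1); /* constructed sample calls */
    printf("fchmod 0666: %d, 0777: %d\n", hook_fchmod(3, 0666), hook_fchmod(3, 0777));
    hook_close(3);
    printf("after close: %d\n", hook_fchmod(3, 0666));
    return 0;
}
```

The cache holds the name used at open time; as the quoted reply points out, a name is a reference to the file, so a later rename or a second hard link is not reflected in it.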