Date:      Mon, 6 Jan 2003 08:40:05 +0100
From:      Pawel Jakub Dawidek <P.Dawidek@prioris.mini.pw.edu.pl>
To:        Terry Lambert <tlambert2@mindspring.com>
Cc:        freebsd-hackers@freebsd.org
Subject:   Re: Caching [sugestion].
Message-ID:  <20030106074005.GB6825@prioris.mini.pw.edu.pl>
In-Reply-To: <3E18B97A.32ABAE7@mindspring.com>
References:  <20030105215024.GB99855@prioris.mini.pw.edu.pl> <3E18B97A.32ABAE7@mindspring.com>

On Sun, Jan 05, 2003 at 03:02:18PM -0800, Terry Lambert wrote:
+> This is a much larger problem than you make it out to be.

Yes, right, using vnodes is a bad idea, sorry.

I'll describe my problem precisely.
I'm writing a kld module where it has to be done.
I've got two choices:
	- getting the path from the cache, but this doesn't make me 100% sure
	  that I'll get this path (even if it exists),
	- (ugly to) catch syscalls:
		+ open(),
		+ chdir(),
		+ fchdir(),
		+ execve(),
	  add two of my functions to at_exit() and at_fork() and
	  (this is ugly as fuck) remember and switch functions
	  that are called on descriptor close
	  (p->p_fd->fd_ofiles[X]->f_ops->fo_close()).

With the second strategy I could cache filenames:
	- name of executable per process (on execve()),
	- name of opened file per file descriptor (p->p_fd->p_ofiles[X],
	  on open()),
	- and only name of working directory per vnode (there can't be
	  hardlinks to a directory, so...; on [f]chdir()).

A struct for this could look like:

struct mycache {
	union {
		struct file	*mc_fp;
		struct proc	*mc_proc;
		struct vnode	*mc_vp;
	} myunion;
	u_int		mc_ref;
	u_char		mc_type;
#define	MYTYPE_FILE	0
#define	MYTYPE_PROC	1
#define	MYTYPE_VNODE	2
};
#define	mc_fp	myunion.mc_fp
#define	mc_proc	myunion.mc_proc
#define	mc_vp	myunion.mc_vp

Reference counts are updated on every open/fo_close (for MYTYPE_FILE),
execve/exit/fork (for MYTYPE_PROC) and fork/chdir/fchdir (for MYTYPE_VNODE).

But as you can see, now, if I want to get the functionality I want,
I need to be _very_ nasty (and evil of course) :)

This could be useful in the future, for example in MAC functionality.
Now we have:

static int
mac_none_check_vnode_stat(struct ucred *active_cred, struct ucred *file_cred,
    struct vnode *vp, struct label *label)
{
	[...]
}

or:

static int
mac_none_check_vnode_write(struct ucred *active_cred,
    struct ucred *file_cred, struct vnode *vp, struct label *label)
{
	[...]
}

or even:

static int
mac_none_setlabel_vnode_extattr(struct ucred *cred, struct vnode *vp,
    struct label *vlabel, struct label *intlabel)
{
	[...]
}

So I'm not able to create policy rules based on filenames.

-- 
Pawel Jakub Dawidek
UNIX Systems Administrator
http://garage.freebsd.pl
Am I Evil? Yes, I Am.
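
The reference-counted name cache from the second strategy above, as a user-space C model; this is an added example and not code from the original message. The mc_key and mc_name fields, the mc_find/mc_lookup/mc_hold/mc_rele helpers and the linked list are assumptions: one opaque key pointer stands in for the union, and the path is stored inside the entry.

```c
/* Added example: user-space model; mc_key, mc_name and mc_*() are hypothetical. */
#include <stdlib.h>
#include <string.h>

enum { MYTYPE_FILE, MYTYPE_PROC, MYTYPE_VNODE };
struct mycache {
	const void	*mc_key;	/* stands in for the mc_fp/mc_proc/mc_vp union */
	unsigned	 mc_ref;
	unsigned char	 mc_type;
	char		 mc_name[1024];	/* assumed: path recorded by the hook */
	struct mycache	*mc_next;
} *mc_head;

/* Return the link that points at the entry, or the NULL tail link if absent. */
struct mycache **mc_find(int type, const void *key) {
	struct mycache **pp = &mc_head;
	while (*pp != NULL && ((*pp)->mc_type != type || (*pp)->mc_key != key))
		pp = &(*pp)->mc_next;
	return pp;
}

/* What a filename-based policy check would call; NULL means "never seen". */
const char *mc_lookup(int type, const void *key) {
	struct mycache *mc = *mc_find(type, key);
	return mc != NULL ? mc->mc_name : NULL;
}

/* open()/chdir()/fork() side: create the entry or take another reference. */
int mc_hold(int type, const void *key, const char *name) {
	struct mycache **pp = mc_find(type, key), *mc = *pp;
	if (mc == NULL) {
		if ((mc = calloc(1, sizeof(*mc))) == NULL)
			return -1;
		strncpy(mc->mc_name, name, sizeof(mc->mc_name) - 1);
		mc->mc_key = key;
		mc->mc_type = (unsigned char)type;
		*pp = mc;	/* append at the tail link returned by mc_find() */
	}
	return (int)++mc->mc_ref;
}

/* fo_close()/exit side: drop a reference; -1 means no matching hold. */
int mc_rele(int type, const void *key) {
	struct mycache **pp = mc_find(type, key), *mc = *pp;
	if (mc == NULL || --mc->mc_ref > 0)
		return mc != NULL ? (int)mc->mc_ref : -1;
	*pp = mc->mc_next;
	free(mc);
	return 0;
}
```

A return of -1 from mc_rele() is the case to watch in such a design: it means a close or exit was seen for an object whose open, chdir or fork was never intercepted, so the cache has no name for it.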
