Fwd: Mounting DauzkoFS on root

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

Fwd: Mounting DauzkoFS on root

jim burns
I was still registering for the list when I sent these emails to John:

----------  Forwarded Message  ----------

Is this possible? I can mount it on any subdirectory, and run
dazuko-3.0.0-birthday/build/user/example/c/example ( or example_mt ), and get
events reported on the console, but not if I overlay the root filesystem.
Also, my cpu usage doesn't go up, which further confirms dazuko is not
passing anything to antivir.

Obviously, I could overlay every subdirectory of root, but if some process
manages to get a file into '/', it won't be scanned.

Thanx.

----------  Forwarded Message  ----------

Oh, and I should say, when I try to mount DazukoFS, it doesn't echo
to /etc/mtab - only to /proc/mounts (openSuSE 10.2). I get around this by
inserting this line in /etc/init.d/boot.localfs after the local filessystem
mounts:

(until lsmod|grep dazuko; do :; done; set -x; mount -v -t dazukofs / / -o
dir=/; grep dazukofs /proc/mounts>>/etc/mtab)&


_______________________________________________
Dazuko-devel mailing list
[hidden email]
http://lists.nongnu.org/mailman/listinfo/dazuko-devel
Reply | Threaded
Open this post in threaded view
|

Re: Fwd: Mounting DauzkoFS on root

John Ogness-2
jim burns wrote:
> Is this possible? I can mount it on any subdirectory, and run
> dazuko-3.0.0-birthday/build/user/example/c/example ( or example_mt ), and get
> events reported on the console, but not if I overlay the root filesystem.
> Also, my cpu usage doesn't go up, which further confirms dazuko is not
> passing anything to antivir.

Yes, this is a known issue. The technical problems associated with this
are briefly mentioned in the README under the section:

"IMPORTANT - ALREADY RUNNING PROCESSES"

Since the "init" process is started before DazukoFS is mounted and all
subprocesses fork from "init", it is not possible to mount DazukoFS on
"/" and expect file events to be detected. For this to happen, the
DazukoFS mount would need to take place before "init" runs (which hasn't
quite been worked out yet).

I've been doing some experiments to see if I can use chroot(8) or
pivot_root(8) to try and accomplish this, but have been unsuccessful so far.


> Obviously, I could overlay every subdirectory of root, but if some process
> manages to get a file into '/', it won't be scanned.

For the moment, that is the only available option.


> Oh, and I should say, when I try to mount DazukoFS, it doesn't echo
> to /etc/mtab - only to /proc/mounts (openSuSE 10.2).

I will look into this. DazukoFS is based on the FiST project, so perhaps
they know more about this.

John Ogness

--
Dazuko Maintainer


_______________________________________________
Dazuko-devel mailing list
[hidden email]
http://lists.nongnu.org/mailman/listinfo/dazuko-devel
Reply | Threaded
Open this post in threaded view
|

Re: UNS: Re: Fwd: Mounting DauzkoFS on root

jim burns
Thanx for your reply.

On Wed May 9 2007 2:29:32 pm John Ogness wrote:

> jim burns wrote:
> Yes, this is a known issue. The technical problems associated with this
> are briefly mentioned in the README under the section:
>
> "IMPORTANT - ALREADY RUNNING PROCESSES"
>
> Since the "init" process is started before DazukoFS is mounted and all
> subprocesses fork from "init", it is not possible to mount DazukoFS on
> "/" and expect file events to be detected. For this to happen, the
> DazukoFS mount would need to take place before "init" runs (which hasn't
> quite been worked out yet).

I assumed this meant I just need to make sure the mounts take place early in
the boot process. Since mounts take place in /etc/init.d/boot.localfs (on
SuSE), and the boot services run before any other services, the mounts take
place before most processes are run. In fact, I do a 'ps -AH' in
boot.localfs, and there are only 30 processes running just after the local
filesystem mounts take place, and most of them are kthreads.

Refresh my unix system programming memory - just because 'init' has '/' open
doesn't mean every proc forked off of 'init' has it open, does it? I assumed
that any program started after the local filesystem mounts are done would be
fully covered. If unix procs inherit open files from init, those
files/filesystems can never be protected.

> > Oh, and I should say, when I try to mount DazukoFS, it doesn't echo
> > to /etc/mtab - only to /proc/mounts (openSuSE 10.2).
>
> I will look into this. DazukoFS is based on the FiST project, so perhaps
> they know more about this.

Just to be clear, this only happens if I try to mount '/'. It works fine for
other files or subdirs.

I'm having varying success overlaying the subdirs and files under '/'. Do you
recommend overlaying local filesystems like vfat, ntfs, fuse? Remote
filesystem mount points? Special filesystems - proc, sysfs, debugfs, udev
(/dev), devpts? I was not able to overlay /dev, /proc, /sys (major network
problems); /sbin & /usr (causes some services to report failure, tho' the
process is still running); /var (nfs problems); or any mount point or parent
of a mount point. I also am having problems shutting down. I had to
separate 'umount'-ing the dazukofs systems in boot.localfs, because they
trigger an error path. I do 'umount -avt dazukofs', which segfaults (on /lib,
I think), and then pass 'nodazukofs' to the normal 'umount' in boot.localfs.

Thank you for any guidance you can provide.


_______________________________________________
Dazuko-devel mailing list
[hidden email]
http://lists.nongnu.org/mailman/listinfo/dazuko-devel