As we discussed 2 months ago, dazuko could use d_path when running on an
Linux 2.6 SMP system and __d_path is not exported. I have now implemented
that change as you specified (behaviour changes only for Linux 2.6 SMP
chrooted processes). [see attached email]
I hope you find it to your liking and include it into Dazuko source.
Sami Tikka tel. +358 9 2520 5115
senior software engineer fax. +358 9 2520 5014
mobile +358 40 7379388
F-Secure Corporation http://www.f-secure.com BE SURE
Tikka, Sami wrote:
> Dazuko could use the exported d_path. Then the filename the driver reports
> will be relative to the current root of the process that made the file
> access. But this is not a problem. The process which gets the dazuko events
> can easily check readlink /proc/PID/root and prepend that to the filename
> the event.
> What do you think, John? Could you make dazuko use d_path on Linux?
Well, this would double the amount of user/kernel switches, which would be a
performance hit. It would also require that the /proc system is available.
But yes, this would work.
If I were to implement this for Linux 2.6 SMP (the only affected kernels),
then I would change Dazuko to send a filename without the beginning "/" for
files in chroot'd environments. This would signal the user application that
it needed to do a lookup for the full path. This would reduce the extra
overhead to *only* file accesses in a chroot environment.
With DazukoFS we won't have this problem because we won't need __d_path().
But we can use this hack until DazukoFS is available.
This hack would only be required for Linux 2.6 SMP kernels that do not
Tikka, Sami wrote:
> As we discussed 2 months ago, dazuko could use d_path when running on an
> Linux 2.6 SMP system and __d_path is not exported. I have now implemented
> that change as you specified (behaviour changes only for Linux 2.6 SMP
> chrooted processes). [see attached email]
> I have uploaded the patch to Savannah:
> https://savannah.nongnu.org/patch/index.php?func=detailitem&item_id=4602 >
> I hope you find it to your liking and include it into Dazuko source.
Great! The patch looks good. I will be making some minor adjustments to it,
but for the most part it is really good. Thanks! I will try to get this done
The changes I will make are:
1. Moving the "chroot" flag out of the extra_data structure and into the
dazuko_core structure. I don't want dazuko_core accessing the extra_data
fields. (extra_data is a "black box" for dazuko_core)
2. Rather than leaving off the beginning "/", I will have the string
"chroot:" prepended. For example: "chroot:/bin/blah". This follows the
scheme I presented for the "event injector". It is something that will
become very important when we move to DazukoFS. It also has the benefit of
allowing new applications to detect these events by configuring "chroot:" as
My main concern is that existing applications (that do not support chroot)
will not be aware that they are missing events. I will probably build a
warning into Dazuko if the workaround is in effect and the application has
not included "chroot:" as an include path. ??