[PATCH] Use d_path if __d_path is not safe

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

[PATCH] Use d_path if __d_path is not safe

Tikka, Sami
Hello!

As we discussed 2 months ago, dazuko could use d_path when running on an
Linux 2.6 SMP system and __d_path is not exported. I have now implemented
that change as you specified (behaviour changes only for Linux 2.6 SMP
chrooted processes). [see attached email]

I have uploaded the patch to Savannah:
https://savannah.nongnu.org/patch/index.php?func=detailitem&item_id=4602

I hope you find it to your liking and include it into Dazuko source.

--
Sami Tikka                tel. +358 9 2520 5115
senior software engineer  fax. +358 9 2520 5014
                          mobile +358 40 7379388
F-Secure Corporation      http://www.f-secure.com
BE SURE

Tikka, Sami wrote:
> Dazuko could use the exported d_path. Then the filename the driver reports
> will be relative to the current root of the process that made the file
> access. But this is not a problem. The process which gets the dazuko events
> can easily check readlink /proc/PID/root and prepend that to the filename
in
> the event.
>
> What do you think, John? Could you make dazuko use d_path on Linux?

Well, this would double the amount of user/kernel switches, which would be a
performance hit. It would also require that the /proc system is available.

But yes, this would work.

If I were to implement this for Linux 2.6 SMP (the only affected kernels),
then I would change Dazuko to send a filename without the beginning "/" for
files in chroot'd environments. This would signal the user application that
it needed to do a lookup for the full path. This would reduce the extra
overhead to *only* file accesses in a chroot environment.

With DazukoFS we won't have this problem because we won't need __d_path().
But we can use this hack until DazukoFS is available.

This hack would only be required for Linux 2.6 SMP kernels that do not
export __d_path().

John Ogness

--
Dazuko Maintainer

_______________________________________________
Dazuko-devel mailing list
[hidden email]
http://lists.nongnu.org/mailman/listinfo/dazuko-devel
Reply | Threaded
Open this post in threaded view
|

Re: [PATCH] Use d_path if __d_path is not safe

John Ogness
Tikka, Sami wrote:
> As we discussed 2 months ago, dazuko could use d_path when running on an
> Linux 2.6 SMP system and __d_path is not exported. I have now implemented
> that change as you specified (behaviour changes only for Linux 2.6 SMP
> chrooted processes). [see attached email]
>
> I have uploaded the patch to Savannah:
> https://savannah.nongnu.org/patch/index.php?func=detailitem&item_id=4602
>
> I hope you find it to your liking and include it into Dazuko source.

Great! The patch looks good. I will be making some minor adjustments to it,
but for the most part it is really good. Thanks! I will try to get this done
this week.

The changes I will make are:

1. Moving the "chroot" flag out of the extra_data structure and into the
dazuko_core structure. I don't want dazuko_core accessing the extra_data
fields. (extra_data is a "black box" for dazuko_core)

2. Rather than leaving off the beginning "/", I will have the string
"chroot:" prepended. For example: "chroot:/bin/blah". This follows the
scheme I presented for the "event injector". It is something that will
become very important when we move to DazukoFS. It also has the benefit of
allowing new applications to detect these events by configuring "chroot:" as
an IncludePath.

My main concern is that existing applications (that do not support chroot)
will not be aware that they are missing events. I will probably build a
warning into Dazuko if the workaround is in effect and the application has
not included "chroot:" as an include path. ??

John Ogness

--
Dazuko Maintainer


_______________________________________________
Dazuko-devel mailing list
[hidden email]
http://lists.nongnu.org/mailman/listinfo/dazuko-devel
Reply | Threaded
Open this post in threaded view
|

Re: [PATCH] Use d_path if __d_path is not safe

John Ogness
John Ogness wrote:
> Great! The patch looks good. I will be making some minor adjustments to it,
> but for the most part it is really good. Thanks! I will try to get this done
> this week.

Hi Sami,

I have added this functionality to CVS:

$ env CVS_RSH="ssh" cvs -z3 \
-d:ext:[hidden email]:/cvsroot/dazuko \
co dazuko

I was able to add the same functionality by only modifying the
dazuko_linux26.c file, localizing this solution to Linux 2.6. Your patch
helped to make things pretty easy. Thanks!

As I mentioned before, chroot'd events will come in the form of:

chroot:/path/to/file

Applications that are able to work with such events should include the
"chroot:" path:

dazukoAddIncludePath("chroot:");

For Dazuko modules that understand this, the add will be successful. If
the add returns error, then the Dazuko module does not understand chroot
events.

This was a fairly minor patch. I did some testing and it appears to work
well. I would appreciate some feedback if this change is ok for you as well.

John Ogness

--
Dazuko Maintainer


_______________________________________________
Dazuko-devel mailing list
[hidden email]
http://lists.nongnu.org/mailman/listinfo/dazuko-devel