Re: [Dazuko-help] Trusted applicatoin which can get access for objects blocked by Dazuko

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

Re: [Dazuko-help] Trusted applicatoin which can get access for objects blocked by Dazuko

John Ogness-2
Ilyas Khasyanov wrote:
> Can I add my any application to list of applications which can get
> access for file systems objects blocked by Dazuko?

Yes.


> I have next scheme:
> [kernel[dazuko]] <--> [app1] <--> [app2]
> in this scheme:
> app1 - daemon which catch paths to files from dazuko kernel module;
> app2 - daemon which processing files with paths from app1.
>
> How to give access for app2 (by PID or group of PIDs) to files blocked
> by dazuko in kernel?

You need to use the trusted application framework. In the 3.0.0-birthday
package, a file "doc/HOWTO-DEVELOPMENT.trusted" explains how this works.

Basically, it works like this:

app1 registers with Dazuko and includes DAZUKO_TRUST_REQUEST in the
access mask.

app2 will request trusted access from app1 (via Dazuko). If app1
accepts, app2 is free to work with files without causing events for app1.

app1 receives file access information from Dazuko and can send this
information (via pipes, sockets, shared memory, etc.) to app2. app2 can
scan the file and return the result to app1. app1 returns the result to
Dazuko.

John Ogness

P.S. This discussion is actually more appropriate on the dazuko-devel
mailing list. Other developers may also be interested.

--
Dazuko Maintainer


_______________________________________________
Dazuko-devel mailing list
[hidden email]
http://lists.nongnu.org/mailman/listinfo/dazuko-devel