After some research I found that the Dazuko module could be excellent
for one of my future (non security related) projects...
if it included two more functionalities: Monitor whether the open()
syscall created a new file or just opened an existing one, and
when a directory has been made. I guess that the latter one is the
easiest to implement, however I have not done any kernel level
development so I do not know about the hooks, or other things that are
involved in adding this feature but I think that they are not
supported for file creation in Linux. Therefore it might be a daunting
task to implement it. If this is the case please inform me on
this so I can figure it out myself and maybe even send a patch and
inform you guys. The last thing I want is keeping the Dazuko
community busy with new features and kernel hacking, as the time is more
needed for making it ready for production systems (sort
of quote from the Dutch Linux magazine) and security related
features/issues as this is what Dazuko is created for.

The reason I need this is because my project will be a daemon that
updates the [s]locate databases real time (or buffer till [s]locate is
called and then write to the databases) this way the [s]locate database
includes just installed files in its search and the system does
not suffer a performance hit when my cron daemon updates my databases.
Only when something goes terribly wrong or when
directories included in the [s]locate are managed outside the presence
of my daemon (for instance in a dual boot system) updatedb
needs to be run. For this daemon to work it needs to know when
unlink() is called or when open() creates a new hardlink, when
directories are created and removed and possibly when [s]locate is run
(for emergency buffer flushing). That is what I want Dazuko
to do for me. There may be little to no impact on system performance, if
this is not possible the project will be dropped.

It is the first time I signed up on any mailing list, I did not want to
force you devers to go through any preceding chatter either,
therefore I am very sorry if it bothered anyone that I did not properly
introduce myself and cut to the chase. Please contact me through
e-mail at [hidden email] or IRC on irc.freenode.net (nickname SpaT)
where I am often present.

karel van ijperen wrote:
>> The reason I need this is because my project will be a daemon that updates the [s]locate databases real time (or buffer till [s]locate is
>> called and then write to the databases) this way the [s]locate database includes just installed files in its search and the system does
>> not suffer a performance hit when my cron daemon updates my databases.
Tikka, Sami wrote:
> It sounds to me like inotify would be a better match for your project.
I agree. Dazuko is mainly focussed on real-time file access control.
Although Dazuko has argued that it can be used for basic event
collecting, it is slowly moving away from this purpose. Future versions
of Dazuko will be implemented as a stackable filesystem and really focus
on file content (with less focus on file name/path).
Although Dazuko would work, I think it is too much administration effort
(if not now, then in the future) for your project.
inotify was created to be a passive, light-weight notification
mechanism. That seems much more suitable for a project that will perform
low-priority DB-updates in the background.
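
The inotify approach suggested in this thread, as an added example that is not part of any message above or of Dazuko: a Linux-only C watcher that turns create, delete and rename events in one directory into add/remove actions for a locate-style database, and reports a queue overflow as the case where a full updatedb run is needed. The names `WATCH_MASK`, `db_action` and `process_events` are illustrative, and the watched directory (first argument, default `.`) is an assumption.

```c
#include <stdio.h>
#include <unistd.h>
#include <sys/inotify.h>

/* Events a locate-database updater needs: names appearing or disappearing. */
#define WATCH_MASK (IN_CREATE | IN_DELETE | IN_MOVED_FROM | IN_MOVED_TO)

/* Map one event to a database action: 1 = add name, -1 = remove name, 0 = ignore. */
int db_action(const struct inotify_event *ev, int *is_dir)
{
    *is_dir = (ev->mask & IN_ISDIR) != 0;
    if (ev->mask & (IN_CREATE | IN_MOVED_TO))   return 1;
    if (ev->mask & (IN_DELETE | IN_MOVED_FROM)) return -1;
    return 0;
}

/* Walk one buffer read() from an inotify fd. Returns the number of database
 * changes, or -1 if the kernel queue overflowed (events were lost, so the
 * caller has to fall back to a full updatedb run). */
int process_events(const char *buf, ssize_t len)
{
    int changes = 0;
    for (const char *p = buf; p < buf + len; ) {
        const struct inotify_event *ev = (const struct inotify_event *)p;
        int is_dir, act = db_action(ev, &is_dir);
        if (ev->mask & IN_Q_OVERFLOW) return -1;
        if (act != 0 && ev->len > 0) {
            printf("%s %s %s\n", act > 0 ? "ADD" : "DEL", is_dir ? "dir " : "file", ev->name);
            changes++;
        }
        p += sizeof(*ev) + ev->len;   /* records are variable length */
    }
    return changes;
}

int main(int argc, char **argv)
{
    char buf[4096] __attribute__((aligned(__alignof__(struct inotify_event))));
    int fd = inotify_init1(IN_CLOEXEC);
    /* One watch covers one directory; a real daemon adds one per subdirectory. */
    if (fd < 0 || inotify_add_watch(fd, argc > 1 ? argv[1] : ".", WATCH_MASK) < 0) {
        perror("inotify");
        return 1;
    }
    for (ssize_t len; (len = read(fd, buf, sizeof buf)) > 0; )
        if (process_events(buf, len) < 0)
            fprintf(stderr, "queue overflow: run updatedb\n");
    return 0;
}
```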