Re: [Dazuko-devel] meaning of set in struct dazuko_access
From: Tushar
Subject: Re: [Dazuko-devel] meaning of set in struct dazuko_access
Date: 30 Aug 2005 12:55:35 +0530
On Mon, 2005-08-29 at 23:05, John Ogness wrote:
> Tushar wrote:
> > What is meaning of set_xxx fields in struct dazuko_access ?
> > I have seen it almost for all fields of dazuko_access, e.g. there is a
> > field "event" and "set_event", "filename" and "filename_set" etc.
>
> Hi,
>
> It is not possible that all information is filled in with each event.
> For example, there is no "mode" for ON_CLOSE events. This value only
> makes sense for ON_OPEN events.
>
> Since there is no guaranteed way to represent an unset value, each value
> has a separate set_xxx boolean. If the boolean is set to false, then
> Dazuko was not able to determine a value for that item.
>
> For example, if uid == 0 and set_uid != 0, then you know that the event
> was triggered by a root process. But if uid == 0 and set_uid == 0, then
> this means that Dazuko was unable to determine which user triggered the
> event.
>
> In summary, the field XXX only has meaning if set_XXX is nonzero.
>
Thanks for the reply.
I would like to know if a somewhat detailed document on dazuko is
available somewhere.
The other problem I got is with deny access. I am using dazuko-2.0.6 on
RH7.1. I am trying to deny access to a specific dir for all events. So
the modified code of example_mt.c is as follows. I have simply changed
acc->deny=0 to acc->deny=1.
    if (dazukoGetAccess_TS(dazuko_id, &acc) == 0)
    {
        print_access(acc, thread_id);

        /* always deny access */
        acc->deny = 1;

        /* return access (IMPORTANT, the kernel is waiting for us!) */
        if (dazukoReturnAccess_TS(dazuko_id, &acc) != 0)
        {
            printf("error: failed to return access (thread:%d)\n", thread_id);
            RUNNING = 0;
        }
    }
It works fine except in one case: if I copy a file to the monitored dir
which is not already there, then access is allowed. However, it works
(i.e. access is denied) if I try to overwrite a file in the monitored dir.
Is this a bug, or is there some reason behind this?
Thanks.
--
Regards,
Tushar
--------------------
It's not a problem, it's an opportunity for improvement. Let's improve.
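
The rule quoted above ("the field XXX only has meaning if set_XXX is nonzero") as an added example, not part of the original message and not Dazuko's own code. `struct sample_access` is a constructed stand-in holding a few of the fields named in the thread, and the root-only policy in `apply_policy` is hypothetical; it shows why an undetermined uid must not be read as uid 0.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-in with a few fields named in this thread;
   the real struct dazuko_access comes from the Dazuko headers. */
struct sample_access {
    int deny;
    int mode;             int set_mode;
    int uid;              int set_uid;
    const char *filename; int set_filename;
};

enum who { WHO_UNKNOWN, WHO_ROOT, WHO_USER };

/* uid is only meaningful when set_uid is nonzero. */
enum who classify_uid(const struct sample_access *a)
{
    if (!a->set_uid)
        return WHO_UNKNOWN;   /* uid == 0 here does NOT mean root */
    return a->uid == 0 ? WHO_ROOT : WHO_USER;
}

/* Hypothetical policy: only root may touch the monitored files.
   An undetermined uid is denied instead of being treated as uid 0. */
int apply_policy(struct sample_access *a)
{
    a->deny = (classify_uid(a) != WHO_ROOT);
    return a->deny;
}

/* Render one event, writing "?" for every field whose flag is 0. */
int describe(const struct sample_access *a, char *out, size_t len)
{
    char uid[16] = "?", mode[16] = "?";
    if (a->set_uid)  snprintf(uid, sizeof uid, "%d", a->uid);
    if (a->set_mode) snprintf(mode, sizeof mode, "%o", (unsigned)a->mode);
    return snprintf(out, len, "uid=%s mode=%s file=%s", uid, mode,
                    a->set_filename && a->filename ? a->filename : "?");
}

int main(void)
{
    /* Constructed events: same uid value, different set_uid flag. */
    struct sample_access root = { 0, 0644, 1, 0, 1, "/tmp/a", 1 };
    struct sample_access unk  = { 0, 0, 0, 0, 0, NULL, 0 };
    char buf[128];
    describe(&root, buf, sizeof buf); printf("%s deny=%d\n", buf, apply_policy(&root));
    describe(&unk, buf, sizeof buf);  printf("%s deny=%d\n", buf, apply_policy(&unk));
    return 0;
}
```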