Re: [Dazuko-devel] meaning of set in struct dazuko

dazuko-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Dazuko-devel] meaning of set in struct dazuko_access

From:	Tushar
Subject:	Re: [Dazuko-devel] meaning of set in struct dazuko_access
Date:	30 Aug 2005 12:55:35 +0530

On Mon, 2005-08-29 at 23:05, John Ogness wrote:
> Tushar wrote:
> > What is meaning of set_xxx fields in struct dazuko_accee ?
> > I have seen it almost for all fields of dazuko_access, e.g there is a
> > field "event" and "set_event", "filename" and "filename_set" etc.
> 
> Hi,
> 
> It is not possible that all information is filled in with each event.
> For example, there is no "mode" for ON_CLOSE events. This value only
> makes sense for ON_OPEN events.
> 
> Since there is no guarenteed way to represent an unset value, each value
> has a separate set_xxx boolean. If the boolean is set to false, then
> Dazuko was not able to determine a value for that item.
> 
> For example, if uid == 0 and set_uid != 0, then you know that the event
> was triggered by a root process. But if uid == 0 and set_uid == 0, then
> this means that Dazuko was unable to determine which user triggered the
> event.
> 
> In summary, the field XXX only has meaning if set_XXX is nonzero.
> 
Thanks for reply. 
I will like to know if somewhat detailed document is available somewhere
on dazuko.

  
                Other problem I got is with deny access. I am using 
dazuko-2.0.6 on
RH7.1.  I am trying to deny access to a specific dir for all events. So
the modified code of example_mt.c  is as follows. I have simply changed
acc->deny=0 to acc->deny=1.


        
 if (dazukoGetAccess_TS(dazuko_id, &acc) == 0)
                {
                        print_access(acc, thread_id);
                                                                                
                                             
                        /* always deny access */
                        acc->deny = 1;
                                                                                
                                             
                        /* return access (IMPORTANT, the kernel is
waiting for us!) */
                        if (dazukoReturnAccess_TS(dazuko_id, &acc) != 0)
                        {
                                printf("error: failed to return access
(thread:%d)\n", thread_id);
                                RUNNING = 0;
                        }
                }

It works fine except one case, if I copy a file to monitored dir which
is already not there, then access is allowed. However, it works(i.e
access is denied ) if I try to overwrite a file in monitored dir.
Is this a bug or there is some reason behind this.
Thanks. 
-- 
Regards,
Tushar
--------------------
It's not a problem, it's an opportunity for improvement. Lets improve.

[Prev in Thread]

Current Thread

[Next in Thread]

[Dazuko-devel] meaning of set in struct dazuko_access, Tushar, 2005/08/29
- Re: [Dazuko-devel] meaning of set in struct dazuko_access, John Ogness, 2005/08/29
  - Re: [Dazuko-devel] meaning of set in struct dazuko_access, Tushar <=

Prev by Date: Re: [Dazuko-devel] OpenBSD port?
Next by Date: [Dazuko-devel] system call hooking for Linux 2.6?
Previous by thread: Re: [Dazuko-devel] meaning of set in struct dazuko_access
Next by thread: [Dazuko-devel] OpenBSD port?
Index(es):
- Date
- Thread