[Dazuko-devel] Symlink reporting

[Sami Tikka]

Hi!

It seems that dazuko 2.0.5-pre5 reports access to symlinks as access to 
the real file on both Linux 2.4 and 2.6. (I have not tested other 
platforms.) At least this is the case if both symlink and the real file 
are in the included directory.

Our application (file integrity checker) needs to know both the symlink 
and the real file in case the file is accessed thru a symlink. (It needs 
to check that the symlink points to the correct file and that the file 
contents match the checksum.)

I would propose that dazuko would always report the symlink access to 
the daemon. The daemon can see that the file is a symlink and readlink() 
to find out the real file.

On Linux 2.6 I guess the way to go is to set up an inode_follow_link 
callback and report the symlink access from there. Unfortunately, when 
the inode_permission callback is called, there is no way to know if 
inode_follow_link was called previously. This means that on Linux 2.6 
the dazuko driver would report file accesses thru symlink twice: first 
the access to the symlink and then the access to the real file.

We already have an implementation of this. Should I post the patch or 
does someone feel there is another, better way to implement this?

--
Sami Tikka                          tel: +358 9 2520 5115
Senior Software Engineer            fax: +358 9 2520 5013
F-Secure Corporation                http://www.F-Secure.com/
Be Sure.