Re: [Dazuko-devel] dazukofs and /dev/dazukofs.ign

[Frantisek Hrbata]

On Fri, 20 Feb 2009 19:58:01 +0100
Lino Sanfilippo <address@hidden> wrote:

> Frantisek Hrbata schrieb:
> >
> >
> > Ok, to be more accurate it is possible to avoid using "trusted"
> > framework even if the scanning is done in a different process. You
> > just need to make sure that the scanning process is started and
> > registered to the process accepting kernel events before it
> > actually starts to handle kernel events. On the other hand all file
> > accesses from the scanning process will go through process
> > accepting kernel requests. This leads to more context switches.
> >
> > -FH
> >
> >   
> 
> 
> 
> Thats right, but the question is how much is the performance
> gain and if it justifies the additional code complexity. I think the
> most file accesses will be done by untrusted processes and those
> accesses will have to be reported to userspace anyway.

You are absolutely right here as long as we are talking about
dazukofs, because it uses just open events. Generally if an
"on-access" kernel module supports also close events and you use
different process for scanning and different process to handle kernel
events and you will handle "trusted" stuff in the user space, then
there will be one more context switch for each scanned file no matter
if an event was triggered by trusted or untrusted process.

So with dazukofs you don't need to bother with this.

If you are interested you can check out the "trusted application"
section at http://www.redirfs.org/svn/redirfs/trunk/doc/libav/libav.txt.

-FH