Re: DazukoFS 3.0.0-rc2 posted

On Fri October 31 2008 10:27:30 pm you wrote:
> I will try installing dazuko.rpm this weekend, and reboot, but my reading
> of the scripts involved tells me nothing should affect unresolved symbols.
> The /var/adm/fillup-templates/sysconfig.dazuko is a little harder to follow
> - maybe it does something magic that will make the 'Error: Unable to setup
> Dazuko parameters' message go away.

No joy. I rpm-ed dazuko.rpm, did a 'chkconfig boot.dazuko on', and rebooted. I 
still get dazuko and redirfs loaded, but antivir can't talk to them - same 
error as quoted above.

John - had any luck deciphering the fs/ecryptfs/inode.c file you had me post 
yet?

Thanx.

Re: DazukoFS 3.0.0-rc2 posted

jim burns wrote:
> On Thu October 9 2008 4:22:03 pm John Ogness wrote:
>   
>> I have posted the next release candidate for DazukoFS 3.0.0. One major
>> bug and several minor bugs were discovered in the process management
>> code. These have been fixed. If you encounter _any_ warnings or
>> errors, please report them to this list. Even if you can't provide (or
>> don't have time for) a detailed report, it is still helpful for me to
>> know if problems exist.
>>     
>
> As previously reported on 9/28, this won't build on openSuSE 11.0. The error 
> is in inode.c, presumably from nullfs, and is reproduced below.

I believe the root of the problem is that on openSUSE (and SLE 11), the 
vfs_mknod function has an extra "struct vfsmount" argument, put in place 
for AppArmor.  Pls. see the  http://lkml.org/lkml/2007/12/20/189 thread.

John, pls. offer your thoughts on how hard it would be to support this 
difference in the SUSE kernels...

Thx,

Ann

Re: DazukoFS 3.0.0-rc2 posted

John Ogness wrote:
> On 2008-11-03, jim burns <jim_burn <at> bellsouth.net> wrote:
>   
>> John - had any luck deciphering the fs/ecryptfs/inode.c file you had
>> me post yet?
>>     
>
> As stated by Ann in a follow-up post, most of the vfs functions take
> an additional vfsmount argument. I've created a patch against
> dazukofs-3.0.0-rc3 that should work for you. I couldn't actually test
> it, so hopefully I didn't miss any careless mistakes. Let me know if
> this works for you.
>   

John, thanks for the patch; I tried it on openSUSE 11.0.  It compiles 
with warnings but the resulting dazukofs module does not load 
(segmentation error).  The following patch incorporates your patch and 
makes a few other changes to address the compile warnings.  Using this 
patch does create a dazukofs.ko that will load, but I haven't done any 
functional testing.  I assume that we can't really test w/ AntiVir until 
Avira supports dazukofs, right?

Ann

diff -Nurp a//ctrl_dev.c c//ctrl_dev.c
--- a//ctrl_dev.c    2008-11-04 11:36:52.000000000 -0700
+++ c//ctrl_dev.c    2008-11-04 11:48:34.000000000 -0700
 <at>  <at>  -178,7 +178,7  <at>  <at>  int dazukofs_ctrl_dev_init(int dev_major

     /* create control device */

Re: DazukoFS 3.0.0-rc2 posted

On 2008-11-04, Ann Davis <andavis <at> novell.com> wrote:
> John, thanks for the patch; I tried it on openSUSE 11.0.  It
> compiles with warnings but the resulting dazukofs module does not
> load (segmentation error).  The following patch incorporates your
> patch and makes a few other changes to address the compile warnings.
> Using this patch does create a dazukofs.ko that will load, but I
> haven't done any functional testing.

Thanks. The rest of the missing changes simply correspond to an
earlier CVS version that supported 2.6.26. And from looking at the
earlier version, I noticed that a couple parts of your patch are
incorrect. Below I've included a new version of the patch that should
compile and run on openSUSE 11.0. I would appreciate some feedback on
this.

> I assume that we can't really test w/ AntiVir until Avira supports
> dazukofs, right?

You can test with the "showfiles" test application included in the
dazukofs package. But as for AntiVir, I do not know what their plans
are with regard to DazukoFS. However, Avira GmbH is maintainer contact
with me and we will be meeting soon to discuss exactly this issue.

$ tar xzvf dazukofs-3.0.0-rc3.tar.gz
$ cd dazukofs-3.0.0-rc3
$ patch -p1 < this_email
$ make

John Ogness

Re: DazukoFS 3.0.0-rc2 posted

John Ogness wrote:
> On 2008-11-04, Ann Davis <andavis <at> novell.com> wrote:
>   
>> John, thanks for the patch; I tried it on openSUSE 11.0.  It
>> compiles with warnings but the resulting dazukofs module does not
>> load (segmentation error).  The following patch incorporates your
>> patch and makes a few other changes to address the compile warnings.
>> Using this patch does create a dazukofs.ko that will load, but I
>> haven't done any functional testing.
>>     
>
> Thanks. The rest of the missing changes simply correspond to an
> earlier CVS version that supported 2.6.26. And from looking at the
> earlier version, I noticed that a couple parts of your patch are
> incorrect. Below I've included a new version of the patch that should
> compile and run on openSUSE 11.0. I would appreciate some feedback on
> this.
>   

This latest patch works great.  Running showfiles per the README (which 
I finally read ) shows all the /tmp/dazukofs_test file names nicely.

>   
>> I assume that we can't really test w/ AntiVir until Avira supports
>> dazukofs, right?
>>     
>
> You can test with the "showfiles" test application included in the
> dazukofs package. But as for AntiVir, I do not know what their plans
> are with regard to DazukoFS. However, Avira GmbH is maintainer contact

libdazuko posted

Hi,

I posted a new package that only includes userspace libraries to
interact with DazukoFS. The package is currently in the testing area
of the downloads page.

Aside from a library providing the new DazukoFS API, additional
wrapper libraries are also included that provide the Dazuko 2.x API,
but use DazukoFS.

See the README in the package for details.

Since much of the functionality between Dazuko 2.x and DazukoFS does
not match up, the wrapper libraries probably aren't very
practical. However, I decided to provide them anyway in case anyone is
interested.

John Ogness

--

-- 
Dazuko Maintainer

DazukoFS ignore device

Hi John,

would it make sense to you to extend the dazukofs.ign device in a way 
that a process is able to
register other processes (i.e. by writing their pid to it)?
I think that could be useful for applications that use a single process 
to manage the
access permissions of other applications/processes.

Greetings,
Lino Sanfilippo 

Geschäftsführender Gesellschafter: Tjark Auerbach
Sitz der Gesellschaft: Tettnang
Handelsregister: Amtsgericht Ulm, HRB 630992

ALLGEMEINE GESCHÄFTSBEDINGUNGEN
Es gelten unsere Allgemeinen Geschäftsbedingungen
(AGB). Sie finden sie in der jeweils gültigen Fassung
im Internet unter http://www.avira.de/agb
***************************************************

Re: DazukoFS ignore device

On 2008-11-07, Lino Sanfilippo <lino.sanfilippo <at> avira.com> wrote:
> would it make sense to you to extend the dazukofs.ign device in a
> way that a process is able to register other processes (i.e. by
> writing their pid to it)?  I think that could be useful for
> applications that use a single process to manage the access
> permissions of other applications/processes.

I agree that it could be useful, but PID's are not very secure. The
Dazuko 2.x method of allowing child-processes to be trusted is
probably a better way to go.

I suppose writing something to the dazukofs.ign device could be used
to interpret if children should be ignored or not. However, that is
quite an expensive feature. For every file access, Dazuko(FS) must go
through the list of ignored processes and check if the accessing
process is a child of that process.

I am worried that dazukofs.ign will become the "rule" instead of the
"exception" for application developers. This is not something that we
should encourage.

I need to let this thought sit on my brain for a little while. Anyone
else have comments on this?

John Ogness

--

-- 
Dazuko Maintainer

showfiles.sh

Hi,

Just for fun I created a shell script that prints out all the files
being accessed in DazukoFS. It is essentially the same as the
"showfiles.c" example program, but is implemented in shell script.

The script makes use of a few external tools (sh, ls, grep, sed, echo)
so it is critical that these tools are _not_ stacked with
DazukoFS. (They are most likely located in /bin.)

The script is quite inefficient. But the fact that you can write a
shell script with some very basic UNIX tools to interact with DazukoFS
shows how simple the new userspace<->kernel protocol really is.

Of course, using libdazukofs.so is far more efficient and much
simpler. I just wanted to create the script to show that it can be
done. ;)

John Ogness

--

-- 
Dazuko Maintainer

_______________________________________________
Dazuko-devel mailing list

Re: showfiles.sh

On 2008-11-07, John Ogness <dazukolist <at> ogness.net> wrote:
> Just for fun I created a shell script that prints out all the files
> being accessed in DazukoFS.
>
> The script makes use of a few external tools (sh, ls, grep, sed,
> echo) so it is critical that these tools are _not_ stacked with
> DazukoFS. (They are most likely located in /bin.)

I forgot to mention that the external tools make use of other external
files (such as libraries). So the script should really only be used
when DazukoFS is only stacked upon non-sysmtem directories.

I also forgot to mention that you run the script without any
parameters:

# sh showfiles.sh

With Ctrl-C the script will gracefully exit.

John Ogness

--

-- 
Dazuko Maintainer