| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20090806101059.GD31370@elf.ucw.cz> Date: Thu, 6 Aug 2009 12:10:59 +0200 From: Pavel Machek <pavel@....cz> To: Tvrtko Ursulin <tvrtko.ursulin@...hos.com> Cc: Eric Paris <eparis@...hat.com>, "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>, "linux-fsdevel@...r.kernel.org" <linux-fsdevel@...r.kernel.org>, "malware-list@...sg.printk.net" <malware-list@...sg.printk.net>, "Valdis.Kletnieks@...edu" <Valdis.Kletnieks@...edu>, "greg@...ah.com" <greg@...ah.com>, "jcm@...hat.com" <jcm@...hat.com>, Douglas Leeder <douglas.leeder@...hos.com>, "tytso@....edu" <tytso@....edu>, "arjan@...radead.org" <arjan@...radead.org>, "david@...g.hm" <david@...g.hm>, "jengelh@...ozas.de" <jengelh@...ozas.de>, "aviro@...hat.com" <aviro@...hat.com>, "mrkafk@...il.com" <mrkafk@...il.com>, "alexl@...hat.com" <alexl@...hat.com>, "jack@...e.cz" <jack@...e.cz>, "a.p.zijlstra@...llo.nl" <a.p.zijlstra@...llo.nl>, "hch@...radead.org" <hch@...radead.org>, "alan@...rguk.ukuu.org.uk" <alan@...rguk.ukuu.org.uk>, "mmorley@....in" <mmorley@....in> Subject: Re: fanotify - overall design before I start sending patches On Wed 2009-08-05 17:46:16, Tvrtko Ursulin wrote: > On Wednesday 05 August 2009 03:05:34 Pavel Machek wrote: > > BTW my -@...e.cz address no longer works. pavel@....cz should be ok. > > > > > If a FAN_ACCESS_PERM or FAN_OPEN_PERM event is received the listener > > > must send a response before the 5 second timeout. If no response is > > > sent before the 5 second timeout the original operation is allowed. If > > > this happens too many times (10 in a row) the fanotify group is evicted > > > from the kernel and will not get any new events. Sending a response is > > > done using the setsockopt() call with the socket options set to > > > FANOTIFY_ACCESS_RESPONSE. The buffer should contain a structure like: > > > > The timeout part of interface is very ugly. Will fanotify users have > > to be realtime/mlocked? > > Why do you think it is very ugly? Do I need to explain? > Just to make sure you haven't missed this - it is not that they have to > complete the whole operation before the timeout period (since you mention > realtime/mlock I suspect this is what you think?), but _during_ the operation > they have to show that they are active by sending something like keep alive > messages. > > Or you are worried about failing to meet even that on a loaded system? There > has to be something like this otherwise hung userspace client would kill the > whole system. Of course, I'm worried about failing to meet this on loaded system. And the fact that I _have_ to worry about that means that interface is ugly/broken. Pavel -- (english) http://www.livejournal.com/~pavelmachek (cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists