Hi, > > No, won't do the trick either. I cannot afford setting up watchdogs for > > every file or even every directory. And I'm essentially "interested" in > > every one of them (for mirroring purposes). A more general approach is > > needed. E.g., if an unlink call is issued and an inode is within a > > particular filesystem (luckily, most of our data already lives on or can > > be easily moved to a separate filesystem), a notice is sent to some > > userland daemon: "file /www/xxx/yyy.shtml is unlinked". Or opened for > > writing, or renamed... etc. The file is then scheduled for distribution > > to mirrors. The idea seems simple and straightforward, yet I don't know > > if it is achievable. > > > > The essential part is obtaining the full pathname of the file (won't > > bother with hardlinks at first, they aren't used here). Could that be > > done with the FreeBSD's filesystem (vnode/vfs?) code? (which I'm not > > familiar with) > > The TrustedBSD Audit code should be able to fill this need -- the goal of > the Audit code is to be able to track "security critical events" in a > configurable way, so file open/link/symlink/unlink operations are an > important subset of that. We hope to integrate the Audit code into 6.x in > the next few months, and then (in as much as is possible given kernel ABI > requirements) merge for 5.5. However, this is some time away still, so > presumably can't help in the short term. The result, though, is an event > stream file that's mechanically parseable, and the even stream can be > configured to indicate which types of events are important at a fairly > fine granularity.
Sounds great. But i have similar tasks (not so huge amount of files) and i'd prefer to extend kqueue/kevent with EVFILT_INODE filter to have ability to monitor changes in file without opening it. -- Nick Strebkov Public key: http://humgat.org/~nick/pubkey.txt fpr: 552C 88D6 895B 6E64 F277 D367 8A70 8132 47F5 C1B6 _______________________________________________ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "[EMAIL PROTECTED]"
