Hi, While browsing the web for a system that would allow me to somehow restrict access to files by asking a userland program, I found Dazuko. It appeared that Dazuko could basically do anything I want. It could also give me all the information I need, pid, uid, etc.
Unfortunately, I soon found out that Dazuko was never going to work for me. I'm on a Debian stock kernel with openvz patches applied. This kernel doesn't like the "capabilities" thing (you can only turn it on/off, can't make it modular), and I wouldn't be comfortable running syscall hooks on a openvz system. I tried to get it working for several hours, even tried several custom kernels, but every time I tried to get a bit more information, I found posts from people saying it simply won't work on newer kernels, and that opening the "capabilities" thing would be a security risk. Not to mention that it might break the openvz stuff. Then yesterday I found a post on the Dazuko website that basically said that Dazuko will no longer be supported. At that point, I just gave up on Dazuko, and went to bed. Then the next day, after reading the post a bit more, I noticed the talks about DazukoFS. Apparently this is some "stackable" filesystem that can basically do all the stuff that Dazuko can do (notifications on open/close/unlink/etc.), but does not require these kernel options that I mentioned above. Obviously, if that is true, I'm very interested in such a development. I tried to get it to work on my custom compiled kernel image: 2.6.26 (from kernel.org) with openvz patches. The kernel compiled fine, and I'm running it right now. Unfortunately, DazukoFS does not feel like installing: debian:/tmp/dazukofs-3.0.0-rc5# patch -p1 < patch-linux-2.6.26 patching file file.c patching file event.c patching file ctrl_dev.c patching file group_dev.c patching file ign_dev.c patching file inode.c patching file super.c debian:/tmp/dazukofs-3.0.0-rc5# make make -C /lib/modules/`uname -r`/build SUBDIRS="`pwd`" modules make[1]: Entering directory `/usr/src/linux-2.6.26' CC [M] /tmp/dazukofs-3.0.0-rc5/super.o CC [M] /tmp/dazukofs-3.0.0-rc5/inode.o /tmp/dazukofs-3.0.0-rc5/inode.c: In function 'dazukofs_permission': /tmp/dazukofs-3.0.0-rc5/inode.c:468: error: implicit declaration of function 'GET_LOWER_MNT' /tmp/dazukofs-3.0.0-rc5/inode.c:468: warning: assignment makes pointer from integer without a cast /tmp/dazukofs-3.0.0-rc5/inode.c:469: error: implicit declaration of function 'GET_LOWER_DENTRY' /tmp/dazukofs-3.0.0-rc5/inode.c:469: warning: assignment makes pointer from integer without a cast /tmp/dazukofs-3.0.0-rc5/inode.c:477: error: implicit declaration of function 'GET_LOWER_INODE' /tmp/dazukofs-3.0.0-rc5/inode.c:477: warning: passing argument 1 of 'permission' makes pointer from integer without a cast make[2]: *** [/tmp/dazukofs-3.0.0-rc5/inode.o] Error 1 make[1]: *** [_module_/tmp/dazukofs-3.0.0-rc5] Error 2 make[1]: Leaving directory `/usr/src/linux-2.6.26' make: *** [dazukofs_modules] Error 2 I'm not sure wether this is an error in DazukoFS (it appears to be, as it's using functions that appear to belong to DazukoFS), or if my openvz kernel broke something. I'd appreciate it if you could help me out on this one. Thanks, Bas Verhoeven _______________________________________________ Dazuko-help mailing list [email protected] http://lists.nongnu.org/mailman/listinfo/dazuko-help
