On Wed, Jun 22, 2011 at 6:03 PM, Shawn Johnson <shcjohn...@gmail.com> wrote:
> To the dev team of gobohide
>
> Where I work aka "big brother/gov", Gobohide isn't a legitimate Linux
> Distro. Sorry guy, I love what you all do but the sad fact is I have to use
> a more legitimate linux distro.
>
> Centos 5.6 all updated
> Kernel: 2.6.18-238.12.1.el5.centos.plus for the kernel source with centos
> patches applied.
> 2.6.18.3-r2 gobohide kernel patch
>
> I have manually patched the kernel source and built a running kernel that
> works. I have also manually built the gobohide tool. Everything is working
> great, but one thing.
>
> GoboHide is designed to deliberately not hide directories which are mount
> points?
>
> What if you do want to hide directories which are mount points. Where in the
> code do I remove/edit the gobohide.c or gobohide.h. Like if I wanted to
> enable = hide files. See code below.
>
> I found the post about hide files.
> /* We only support symbolic links and directories */
> - if (hide->inode && !S_ISREG(inode->i_mode) && !S_ISDIR(inode->i_mode)) {
> - error = -EINVAL;
> - goto out;
> - }
>
> - if (!S_ISDIR(stats.st_mode))
> err_quit (1, dir);
>
> The following directories don't hide.
>
> boot, dev, proc, sys, usr
>
> # mount points for directories
> /dev/sda2 on / type ext3 (rw)
> proc on /proc type proc (rw)
> sysfs on /sys type sysfs (rw)
> devpts on /dev/pts type devpts (rw,gid=5,mode=620)
> /dev/sda5 on /usr type ext3 (rw)
> /dev/sda1 on /boot type ext3 (rw)
> tmpfs on /dev/shm type tmpfs (rw)
> none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)
> sunrpc on /var/lib/nfs/rpc_pipefs type rpc_pipefs (rw)
>
> # gobohide.conf file
> # Use the following array to specify which directories to hide at boot time
> UserDefinedEntries=(
> /bin
> /boot
> /dev
> /etc
> /lib
> /media
> /misc
> /mnt
> /net
> /proc
> /sbin
> /srv
> /sys
> /tmp
> /usr
> /var
> /xbin
> )
>
> Thanks Shawn
>
> P.S. I have also tried to patch busybox with gobohide tool. More on that
> when I get the time.
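
Review bot: in the second quoted fragment only the `if (!S_ISDIR(stats.st_mode))` line carries a `-`, so as quoted `err_quit (1, dir);` is left behind and would run unconditionally; remove both lines together, or keep the test and widen it to the types you want. In the first fragment the comment says "symbolic links and directories" while the condition tests S_ISREG and S_ISDIR, and the whole block is dropped with nothing visible in its place; narrowing the condition to the inode types you intend to hide and updating the comment to match would be safer than deleting the check.
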
Hi Shawn,

Sorry for the late reply -- I hope this is still useful information for you.

I believe that problem is coming from the superblock check that we perform in gobohide_get():

    if (entry->i_ino == i_ino && hidden_dentry->d_sb == dentry->d_sb) {

The superblock for "/" (where readdir was invoked against) differs from the one for "/sys", so we never return a matching structure for "/sys". The patch as it is is able to hide entries inside /sys just fine, but it would need some extra work to support more than one superblock per hidden entry.

Please note that simply removing that restriction from the conditional test would work at first glance, but it will potentially cause files/directories of matching inode numbers in other partitions to be hidden by mistake.

Since we don't have much use for that feature in GoboLinux I don't believe we will be adding such a feature in the short term (especially given the increased complexity that it will add to the code). Patches that introduce such a feature are welcome, though, and I'll be happy to review and test them.

Thanks,
-- Lucas

"If you're looking for a reason I've a reason to give: pleasure, little treasure"
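
The superblock check discussed in the reply, as an added userspace model (not gobohide code and not part of the original messages). The struct names, the device labels reused from the mount listing, and the inode number 2 are constructed for illustration; the model assumes, as the reply implies, that only the superblock differs in the mount-point case.

```c
#include <stdio.h>
#include <stddef.h>

/* Userspace model only: hypothetical stand-ins, not kernel types. */
struct model_sb { const char *dev; };          /* one per mounted filesystem */
struct model_hidden { unsigned long i_ino; const struct model_sb *sb; };

static const struct model_sb sb_root = { "/dev/sda2" };
static const struct model_sb sb_usr  = { "/dev/sda5" };
static const struct model_sb sb_boot = { "/dev/sda1" };

/* Constructed hide list: a hidden mount point recorded with its own superblock. */
static const struct model_hidden hide_list[] = { { 2UL, &sb_usr } };
#define N_HIDDEN (sizeof(hide_list) / sizeof(hide_list[0]))

/* Inode number AND superblock must match, like the conditional in the reply. */
int match_ino_and_sb(unsigned long i_ino, const struct model_sb *sb)
{
    for (size_t i = 0; i < N_HIDDEN; i++)
        if (hide_list[i].i_ino == i_ino && hide_list[i].sb == sb)
            return 1;
    return 0;
}

/* Superblock test dropped: the inode number alone decides. */
int match_ino_only(unsigned long i_ino)
{
    for (size_t i = 0; i < N_HIDDEN; i++)
        if (hide_list[i].i_ino == i_ino)
            return 1;
    return 0;
}

int main(void)
{
    /* Listing "/": the lookup carries the root filesystem's superblock. */
    printf("strict, mount point seen from /: %d\n", match_ino_and_sb(2UL, &sb_root));
    printf("loose,  mount point seen from /: %d\n", match_ino_only(2UL));
    /* Unrelated object on another partition that happens to share inode 2. */
    printf("strict, inode 2 on %s: %d\n", sb_boot.dev, match_ino_and_sb(2UL, &sb_boot));
    printf("loose,  inode 2 on %s: %d\n", sb_boot.dev, match_ino_only(2UL));
    return 0;
}
```

The strict match misses the mount point when it is looked up from the parent filesystem, while the loose match hides it and also hides the unrelated inode 2 on the other partition, which is the false positive the reply warns about.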