On 07/20/2017 12:36 PM, Marek Marczykowski-Górecki wrote: > On Wed, Jul 19, 2017 at 10:42:36PM -0700, Andrew Morgan wrote: >> Hey Marek, > >> Just wanted to quickly point out that the next report is coming out >> soon. Just wanted to finish up the C++ daemon beforehand. It can already >> track untrusted folders and their subfolders, as well as mark any new >> folders or files that are created or moved inside of them. > >> I'm currently trying to work out a bug where inotify_watch calls will >> fail around the 8000th folder that's created or moved in. I'm assuming >> this probably has to do with a limit coded somewhere so I'm looking out >> for that. > >> I also packaged qvm-file-trust as a python module. Installation goes >> great, but I get some errors after trying to run the installed script: > >> https://gist.github.com/anonymous/c51749ce9f951e4b53fd4da9ed5a925b > >> qvm_file_trust.py is placed in /rw/usrlocal/bin/qvm_file_trust.py >> qvm-file-trust is placed in /usr/local/qvm-file-trust but is unable to >> find the correct module >> Just moving qvm-file-trust to /rw/usrlocal/bin/ makes it work, so seems >> like it's looking relatively for files... > > 1. You should place setup.py one level up - outside of "qubesfiletrust" > directory - so it could find such a package relative to setup.py > location > 2. You don't need qvm_file_trust.py in "scripts" - I guess this > is a workaround for point 1. > 3. (unrelated) You've committed to git qubesfiletrust.egg-info, which is > generated by setup.py. > >> Also did a test with moving in an enormous folder, daemon took up 16% >> CPU for a second in htop then right back to 0%, so seems pretty well >> optimized for now. inotify finds all the files and folders in way until >> a few hundred milli-seconds, so we may need to scale our period for >> calling qvm-file-trust with a list of files down a bit (unless python >> can take in 10K+ full filepaths as arguments). > > As Jean-Philippe already said, better split to multiple calls. > >
Thanks Marek, I've made those changes and it now installs in /usr/local/bin instead of /usr/bin. I don't see any other qubes tools in there so I assume we should either install in /usr/bin or at least symlink to it. Do you know how we could achieve that? Andrew Morgan -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/okreck%24l2g%241%40blaine.gmane.org. For more options, visit https://groups.google.com/d/optout.
signature.asc
Description: OpenPGP digital signature
