-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On Thu, Jul 20, 2017 at 04:29:25PM -0700, Andrew Morgan wrote: > On 07/20/2017 12:36 PM, Marek Marczykowski-Górecki wrote: > > On Wed, Jul 19, 2017 at 10:42:36PM -0700, Andrew Morgan wrote: > >> Hey Marek, > > > >> Just wanted to quickly point out that the next report is coming out > >> soon. Just wanted to finish up the C++ daemon beforehand. It can already > >> track untrusted folders and their subfolders, as well as mark any new > >> folders or files that are created or moved inside of them. > > > >> I'm currently trying to work out a bug where inotify_watch calls will > >> fail around the 8000th folder that's created or moved in. I'm assuming > >> this probably has to do with a limit coded somewhere so I'm looking out > >> for that. > > > >> I also packaged qvm-file-trust as a python module. Installation goes > >> great, but I get some errors after trying to run the installed script: > > > >> https://gist.github.com/anonymous/c51749ce9f951e4b53fd4da9ed5a925b > > > >> qvm_file_trust.py is placed in /rw/usrlocal/bin/qvm_file_trust.py > >> qvm-file-trust is placed in /usr/local/qvm-file-trust but is unable to > >> find the correct module > >> Just moving qvm-file-trust to /rw/usrlocal/bin/ makes it work, so seems > >> like it's looking relatively for files... > > > > 1. You should place setup.py one level up - outside of "qubesfiletrust" > > directory - so it could find such a package relative to setup.py > > location > > 2. You don't need qvm_file_trust.py in "scripts" - I guess this > > is a workaround for point 1. > > 3. (unrelated) You've committed to git qubesfiletrust.egg-info, which is > > generated by setup.py. > > > >> Also did a test with moving in an enormous folder, daemon took up 16% > >> CPU for a second in htop then right back to 0%, so seems pretty well > >> optimized for now. inotify finds all the files and folders in way until > >> a few hundred milli-seconds, so we may need to scale our period for > >> calling qvm-file-trust with a list of files down a bit (unless python > >> can take in 10K+ full filepaths as arguments). > > > > As Jean-Philippe already said, better split to multiple calls. > > > > > > Thanks Marek, I've made those changes and it now installs in > /usr/local/bin instead of /usr/bin. I don't see any other qubes tools in > there so I assume we should either install in /usr/bin or at least > symlink to it. Do you know how we could achieve that?
I guess you're doing that on Debian, right? Debian have a specific patch on python setuptools to install everything into /usr/local, unless you explicitly request some other place. One way to request /usr is to add - --install-layout=deb option. - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQEcBAEBCAAGBQJZcUAcAAoJENuP0xzK19csaKAH/1s693Gh2xLIobo270QNkpTR sro8fjd2ImTtBGg4svzT4N8Wn8ihj06TvXLoXkQ1cAx1RIYoiLPOFavk0W2cIoWE P2vCk44es/7nyob56zM5q+eEHF3dPVKZc5A9R+sfyQ5o2JVPOdluQ5WVK5aoMOXt KSj35nCX1axl4gx5CcvYvtyoghzZp49ziOnEjgm2rxziQrzWvgft/HnC3z+ICcQU dQfYWY9LO7XqPxhbEx0WAeDhxaafggKsYjf2MQqE8BXPfULHORU13mg2xc+1YFwB 8idXtlITq2/FmEBISHq27Lpt3gGU7376cKNtO2XVFqQy/LDTP4ZYz9jGXhZVno8= =0q90 -----END PGP SIGNATURE----- -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/20170720234323.GJ1095%40mail-itl. For more options, visit https://groups.google.com/d/optout.
