Hi! > > By the above you're hosed anyway since starting a new one will fail due > > to there being no daemon, right? Might as well forfeit all security > > measures once the daemon dies. That is let security depend on there > > being a daemon connected. > > Nope. You should stop calling and thinking of it as a security system. > As I've said multiple times it is at best an indexing and integrity > checking system. We fail open. We don't prevent or care about > malicious local attacks. When a group is evicted everything is going to > just work. The whole reason for the timeout is because I don't trust > userspace not to get it wrong and I'd rather not lose my box because of > it. Yes, the reset I'm proposing allows userspace to screw the Well, if you are using this for hierarchical storage, then this daemon will bring the system down. Face it, you _are_ developing a security system; otherwise features of fanotify do not make sense. (And you are developing _bad_ security system). So... what about just scrapping the open vetoing -- at least from initial version? > > Seems like a weird thing to me, suppose you DoS the system on purpose > > and all clients start getting wonky, you kill them all, and are left > > with non, then you cannot access any of your files anymore and > > everything grinds to a halt? > > Nope, you DoS the system on purpose all the listeners get evicted, now > everything else will be able to open/read data without those listeners > paying attention. When a group is evicted it's evicted. It no longer > needs to say yes or no. Yes so I hammer your web server and you loose your antivirus protection. > > Like said, having the filesystem block actions based on external > > processes seems just asking for trouble. > > Or it seems like exactly what hierarchical storage management systems > want.... Timeout does not make sense for hierarchical storage. Pavel -- (english) http://www.livejournal.com/~pavelmachek (cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html -- To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
