On Wed, Dec 29, 2010 at 4:12 PM, Mulyadi Santosa <mulyadi.santosa@xxxxxxxxx> wrote: > On Wed, Dec 29, 2010 at 20:06, Prasad Joshi <prasadjoshi124@xxxxxxxxx> wrote: >> Hello All, >> >> ZFS file system has a property called devices. If turned off, ZFS >> would not allow access to the device files (block/character) present >> on the file system. I want to implement the same behavior on the a >> Linux File System. > > I don't know about ZFS, so could you please elaborate on what you mean > by "ZFS could disallow access"? I am really sorry that I was not clear with the first mail. Thanks a lot for all mail replies and for sharing important information. By not disallowing access to device files I ment root@prasad-laptop:~# mount disk -o loop arm/ root@prasad-laptop:~/arm# mount -t ext3 /dev/loop0 on /home/prasad/arm type ext3 (rw) ############# CREATING A DEVICE FILE ON THE FILE SYSTEM root@prasad-laptop:~/arm# mknod zero c 1 5 root@prasad-laptop:~/arm# ls lost+found zero root@prasad-laptop:~/arm# ls -l total 12 drwx------ 2 root root 12288 2010-12-23 11:28 lost+found crw-r--r-- 1 root root 1, 5 2010-12-23 11:28 zero root@prasad-laptop:~/arm# dd if=zero of=disk bs=10K count=10K dd: writing `disk': No space left on device 9313+0 records in 9312+0 records out 95354880 bytes (95 MB) copied, 1.00106 s, 95.3 MB/s root@prasad-laptop:~/arm# ls -l total 93499 -rw-r--r-- 1 root root 95354880 2010-12-23 11:28 disk drwx------ 2 root root 12288 2010-12-23 11:28 lost+found crw-r--r-- 1 root root 1, 5 2010-12-23 11:28 zero Here the file system allowed access to the device file named zero. The requirement is to turn off the access to all of the device files present on the mounted file system. ie. considering the above case access (open/read/write) to/from device zero should not be allowed (even by root user). I don't know why would one create a device file on a file system other than /dev. I could modify the open code to check if the file the file being opened is device file then return either EPERM or EACCESS (not sure which one). But before modifying the code I thought of checking mount flags, could not find one, hence thought of asking on mailing list. Thanks a lot for wonderful replies and sharing valuable information. Hope the example above has made the requirement clear. Thanks and Regards, Prasad > > IMHO, (untested), you could simply do it using usual Linux > file/directory permission up to SELinux/AppArmor....so, is that what > you mean? > > -- > regards, > > Mulyadi Santosa > Freelance Linux trainer and consultant > > blog: the-hydra.blogspot.com > training: mulyaditraining.blogspot.com > _______________________________________________ Kernelnewbies mailing list Kernelnewbies@xxxxxxxxxxxxxxxxx http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies
