On Wed, Dec 29, 2010 at 11:32:18PM +0000, Prasad Joshi wrote:
> On Wed, Dec 29, 2010 at 4:12 PM, Mulyadi Santosa
> <mulyadi.santosa@xxxxxxxxx> wrote:
> > On Wed, Dec 29, 2010 at 20:06, Prasad Joshi <prasadjoshi124@xxxxxxxxx> wrote:
> >> Hello All,
> >>
> >> ZFS file system has a property called devices. If turned off, ZFS
> >> would not allow access to the device files (block/character) present
> >> on the file system. I want to implement the same behavior on a
> >> Linux File System.
> >
> > I don't know about ZFS, so could you please elaborate on what you mean
> > by "ZFS could disallow access"?
>
> I am really sorry that I was not clear with the first mail. Thanks a
> lot for all mail replies and for sharing important information.
> By not disallowing access to device files I meant
>
> root@prasad-laptop:~# mount disk -o loop arm/
>
> root@prasad-laptop:~/arm# mount -t ext3
> /dev/loop0 on /home/prasad/arm type ext3 (rw)
>
> ############# CREATING A DEVICE FILE ON THE FILE SYSTEM
> root@prasad-laptop:~/arm# mknod zero c 1 5
>
> root@prasad-laptop:~/arm# ls
> lost+found zero
>
> root@prasad-laptop:~/arm# ls -l
> total 12
> drwx------ 2 root root 12288 2010-12-23 11:28 lost+found
> crw-r--r-- 1 root root 1, 5 2010-12-23 11:28 zero
>
> root@prasad-laptop:~/arm# dd if=zero of=disk bs=10K count=10K
> dd: writing `disk': No space left on device
> 9313+0 records in
> 9312+0 records out
> 95354880 bytes (95 MB) copied, 1.00106 s, 95.3 MB/s
>
> root@prasad-laptop:~/arm# ls -l
> total 93499
> -rw-r--r-- 1 root root 95354880 2010-12-23 11:28 disk
> drwx------ 2 root root 12288 2010-12-23 11:28 lost+found
> crw-r--r-- 1 root root 1, 5 2010-12-23 11:28 zero
>
> Here the file system allowed access to the device file named zero. The
> requirement is to turn off the access to all of the device files
> present on the mounted file system, i.e. considering the above case,
> access (open/read/write) to/from device zero should not be allowed
> (even by root user). I don't know why one would create a device file
> on a file system other than /dev.
>
> I could modify the open code to check if the file being opened is a
> device file and then return either EPERM or EACCES (not sure
> which one). But before modifying the code I thought of checking mount
> flags, could not find one, hence thought of asking on the mailing list.
>
> Thanks a lot for wonderful replies and sharing valuable information.
> Hope the example above has made the requirement clear.
>

Maybe I, too, am completely misunderstanding you, but does the nodev
option do what you want? From the mount manpage:

    nodev - Do not interpret character or block special devices on the
    file system.

Use like so:

    $ mount disk -o loop,nodev arm/

You can still create device special files, you just can't access them.

Greetings,
Henry
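
An audit built on the nodev answer above, as an added example that is not part of the original thread: it lists mount-table entries whose options lack nodev, and the device nodes present under a given mount point. The function names and the sample mount table are constructed for illustration, and skipping only devtmpfs is an assumption.

```shell
#!/bin/sh
# Added example. Input uses the /proc/mounts layout:
#   device mountpoint fstype options dump pass
# (spaces in mount points appear there as \040, so field splitting is safe).

# Print "mountpoint fstype" for every entry mounted without nodev.
# $1: mount table file, "-" for stdin; defaults to /proc/mounts.
mounts_without_nodev() {
    awk '
        $3 == "devtmpfs" { next }   # assumption: /dev is meant to hold device nodes
        {
            n = split($4, opts, ",")
            found = 0
            for (i = 1; i <= n; i++)
                if (opts[i] == "nodev") found = 1
            if (!found) print $2, $3
        }
    ' "${1:-/proc/mounts}"
}

# Print block/character device nodes below $1 without crossing into
# other mounted file systems.
device_nodes_on() {
    find "$1" -xdev \( -type b -o -type c \) -print 2>/dev/null
}

# Constructed sample mount table; the loop mount mirrors the one in the thread.
sample_mounts() {
    cat <<'EOF'
devtmpfs /dev devtmpfs rw,nosuid,relatime,size=4096k,mode=755 0 0
/dev/sda1 / ext4 rw,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0
/dev/loop0 /home/prasad/arm ext3 rw 0 0
/dev/loop1 /mnt/hardened ext3 rw,nodev 0 0
EOF
}

# Demo on the constructed sample: report each mount that lacks nodev.
sample_mounts | mounts_without_nodev - | while read -r mnt fstype; do
    echo "no nodev: $mnt ($fstype)"
done
```

On a live system, call `mounts_without_nodev` with no argument to read /proc/mounts, then run `device_nodes_on` against each reported mount point to see which of them actually contain device files.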