Quoting David Wagner <dawat_private> on Fri, Jul 25 23:20: > > I'm not sure you can detect changes to a file that live > on a remote filesystem (NFS). What if the module is running on the NFS server? How do NFS writes actually get flushed to disk on the server? From my browsing of the code it looks like fsync or f_op->write. It looks like fsync calls writepage. Is there a security hook that catches writepage for all filesystems? How about a hook that catches f_op->write? Does f_op->write eventually lead to writepage? Are these too low level to be considered for hooks? Are these the only way that files can be altered? I realize that sys_write leads to f_op->write, but not all writes go through sys_write. Let me back up a step, maybe I am approaching this from the wrong direction. After I calculate a SHA1 for a file I would like to cache success. Until the file gets altered the result will be the same. So, my thought was that if I can catch all paths that write to the file and invalidate my cache flag, I can save a lot of unnecessary work. I guess what I want is a security hook for writes at the lowest possible level that still has a reference to an inode. Thanks, Omen -- Always remember that you are unique, just like everyone else.
This archive was generated by hypermail 2b30 : Mon Jul 28 2003 - 13:05:37 PDT