Re: nfs optimization and veriexec

Thread: Re: nfs optimization and veriexec

Search this list only Search all lists
Re: nfs optimization and veriexec
Japan	2007-11-12 17:59:43
> If the NFS optimization conflicts only with Veriexec, and it makes sense > to do so, it's possible to add KAUTH_VERIEXEC_NFS_OPTIMIZE (or > whatever). > > What do you think? > > -e. it isn't so different from #ifdef VERIEXEC which is unacceptable for me. for long term, i want to remove "lookup before create" from vfs. so i hope to see the assumption is removed from veriexec, rather than making the rest of kernel veriexec-aware. YAMAMOTO Takashi

Re: nfs optimization and veriexec
Israel	2007-11-13 01:21:51
YAMAMOTO Takashi wrote: > for long term, i want to remove "lookup before create" from vfs. > so i hope to see the assumption is removed from veriexec, rather than > making the rest of kernel veriexec-aware. So it's not just an NFS optimization, is it? Basically, Veriexec has a feature where it can prevent creation of new files. I'd like to maintain that feature... or at least learn more about what benefits this optimization has if the direction is that the two can't co-exist. Would it be possible to have Veriexec treat a "create unless exists" as "create"? or would that break programs that open, say, log files with O_RDWR_CREAT? -e.

[1-2]