Re: [Dazuko-devel] Comments on TAF


From: Calin A. Culianu
Subject: Re: [Dazuko-devel] Comments on TAF
Date: Mon, 28 Mar 2005 10:34:03 -0500 (EST)



On Sun, 27 Mar 2005, John Ogness wrote:

>> I like the TAF, but do you think it could be modified to be easier to use with apps that aren't aware of dazuko?
>>
>> I.e.: it would be nice to make apps that have no concept of dazuko be trusted. Apps you didn't write and don't have the source code to.
>
> Hmmm. Trusting an application that you didn't write? Can such an application really be trusted? Having trusted access is an enormous privilege.

Good point. :) Trusting the apps isn't then a good way to categorize them or think about them. However I am glad you do think ignoring certain categories of events is a good idea..


> What about something like:
>
> dazukoAddExcludeEvent(struct dazuko_access *);
>
> Here an actual event is specified that should be used as an exclude mask. You could specify just a path, in which case it is identical to dazukoAddExcludePath(), or you could specify many attributes that are combined to create a mask.
>
> These are just ideas for the moment. I need to think about this a bit.


Yes! I am really happy you agree that it could be a powerful feature!! The above call actually would be enough, since the dazuko_access struct does represent all the information we would/could desire to mask out.

However if you think of it another way, perhaps masking IN is also useful in some situations. For instance, what if you wanted only events from a certain UID? Or from a certain PID? Starting with a mask that excludes everything, then explicitly masking in UID XXX could be useful to some apps that use dazuko (like mine! ;) ).

Expanding on your dazukoAddExcludeEvent() idea, here's one possible API way to represent this:

/* somewhere in dazukoio.h: */
#define DAZUKO_EXCLUDE_ALL ((const struct dazuko_access *)(0x1))



/* .... somewhere in a dazuko program ... */

dazukoAddExcludeEvent(DAZUKO_EXCLUDE_ALL); /* special pointer
                                              indicates to dazuko to
                                              exclude all events */

{
        /* at this point we want to start specifying an include mask */
        struct dazuko_access myaccess;

        memset(&myaccess, 0, sizeof(myaccess));
        myaccess.uid = 1001;
        myaccess.set_uid = 1;
        myaccess.filename = (char *)"/home/bob";
        dazukoAddIncludeEvent(&myaccess);
        /* at this point dazuko will generate events from uid 1001(bob)
           in path /home/bob */
}
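
The exclude-all-then-include semantics proposed in the message above, sketched as an added example that is not part of the original post and is not dazuko code. The struct `ev_mask`, the functions `path_under`, `mask_matches`, `event_delivered` and `bob_filter`, the parent-directory path rule and the precedence between include and exclude masks are all assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical stand-in for the struct dazuko_access fields used in the post. */
struct ev_mask {
    int uid; char set_uid;
    int pid; char set_pid;
    const char *filename;            /* NULL: path is not part of the mask */
};

/* Assumed path rule: mask path equals the event path or is a parent
   directory of it, so "/home/bob" does not cover "/home/bobby". */
static int path_under(const char *dir, const char *path)
{
    size_t n = strlen(dir);
    if (n == 0 || strncmp(dir, path, n) != 0)
        return 0;
    return dir[n - 1] == '/' || path[n] == '\0' || path[n] == '/';
}

/* A mask matches only if every field it sets agrees with the event. */
static int mask_matches(const struct ev_mask *m, const struct ev_mask *e)
{
    if (m->set_uid && (!e->set_uid || m->uid != e->uid)) return 0;
    if (m->set_pid && (!e->set_pid || m->pid != e->pid)) return 0;
    if (m->filename && (!e->filename || !path_under(m->filename, e->filename)))
        return 0;
    return 1;
}

/* exclude_all models DAZUKO_EXCLUDE_ALL: nothing is delivered unless an
   include mask matches. Without it, a matching exclude mask drops the event. */
int event_delivered(int exclude_all, const struct ev_mask *masks, size_t n,
                    const struct ev_mask *e)
{
    size_t i;
    int hit = 0;
    for (i = 0; i < n && !hit; i++)
        hit = mask_matches(&masks[i], e);
    return exclude_all ? hit : !hit;
}

/* The post's configuration: exclude all, then include uid 1001 under /home/bob.
   Constructed sample events are passed in by uid and path. */
int bob_filter(int uid, const char *path)
{
    struct ev_mask include = { 1001, 1, 0, 0, "/home/bob" };
    struct ev_mask event = { uid, 1, 0, 0, path };
    return event_delivered(1, &include, 1, &event);
}
```

An event whose uid is not set never satisfies a uid mask here, so missing attributes fail closed rather than widening what is delivered.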