[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Dazuko-devel] ClamFS and DazukoFS
From: |
Frantisek Hrbata |
Subject: |
Re: [Dazuko-devel] ClamFS and DazukoFS |
Date: |
Sun, 26 Aug 2007 23:48:20 +0200 |
Hi,
I just want to say that FUSE is really interesting project but from my point
of view it is not a good idea to use it for the on-access scanning.
I will try to explain why.
1) I think that FUSE should be used for a user-space filesystem implementation
and
not for changing existing filesystem behavior.
2) It is not possible to pass control down to the real filesystem driver like
e.g.
in LSM or FiST based filesystems. You have to use mappings from FUSE root
to the real root in user-space like ClamFS does.
3) There are two paths how to access files. One via the real root and second via
the FUSE(ClamFS) root. This means that only files accessed via the FUSE root
will be
scanned. So it is not possible to provide a real on-access scanning because
users can access files via the real root which is not under on-access
scanner control.
Same problem is with LD_PRELOAD. This approach, I think, is used in one
Eset's approach for
on-access scanning.
I think it is really wrong if a user is able to pass by an on-access scanner.
You can solve this by changing access rights on the real root(directory).
But what
about system directories like /bin etc.
4) Performance, performance, performance ..... :(
This will never be even close to the kernel based on-access scanner
performance.
All operations have to be implemented in the user-space not only operations
needed
by the on-access scanner. This means that all operations will be redirected
to the user-space.
In each operation you need to do mappings from the FUSE root to the real
root. Look
at the fixpath function in the clamfs.cxx file. Just compare it with the in
kernel
mappings(e.g. FiST).
--
Regards,
Frantisek Hrbata
GRISOFT, s.r.o.
tel. : +420 549 524 011
mailto: address@hidden