* Blocking the access to the device files.
From: Prasad Joshi @ 2010-12-29 13:06 UTC
To: kernelnewbies

Hello All,

ZFS file system has a property called devices. If turned off, ZFS
would not allow access to the device files (block/character) present
on the file system. I want to implement the same behavior on a
Linux File System.

I can always check for device files in open/read/write/mmap functions,
but I am looking for a better implementation. Does any of the FS on Linux
have this facility, or is there any mount flag that I can use?

Thanks and Regards,
Prasad

* Blocking the access to the device files.
From: Mulyadi Santosa @ 2010-12-29 16:12 UTC
To: kernelnewbies

On Wed, Dec 29, 2010 at 20:06, Prasad Joshi <prasadjoshi124@gmail.com> wrote:
> Hello All,
>
> ZFS file system has a property called devices. If turned off, ZFS
> would not allow access to the device files (block/character) present
> on the file system. I want to implement the same behavior on a
> Linux File System.

I don't know about ZFS, so could you please elaborate on what you mean
by "ZFS could disallow access"?

IMHO, (untested), you could simply do it using usual Linux
file/directory permission up to SELinux/AppArmor....so, is that what
you mean?

--
regards,

Mulyadi Santosa
Freelance Linux trainer and consultant

blog: the-hydra.blogspot.com
training: mulyaditraining.blogspot.com

* Blocking the access to the device files.
From: Greg Freemyer @ 2010-12-29 17:01 UTC
To: kernelnewbies

On Wed, Dec 29, 2010 at 11:12 AM, Mulyadi Santosa
<mulyadi.santosa@gmail.com> wrote:
> On Wed, Dec 29, 2010 at 20:06, Prasad Joshi <prasadjoshi124@gmail.com> wrote:
>> Hello All,
>>
>> ZFS file system has a property called devices. If turned off, ZFS
>> would not allow access to the device files (block/character) present
>> on the file system. I want to implement the same behavior on a
>> Linux File System.
>
> I don't know about ZFS, so could you please elaborate on what you mean
> by "ZFS could disallow access"?
>
> IMHO, (untested), you could simply do it using usual Linux
> file/directory permission up to SELinux/AppArmor....so, is that what
> you mean?
>
> --
> regards,
>
> Mulyadi Santosa

Mulyadi,

My guess is that it is more complex than that.

Some filesystems have issues if the raw drive is read while the
filesystem is mounted.  I think it is caused by inconsistencies in the
various caches.  ie. iirc, At least in the 2.4 kernel there was not a
single unified cache for block layer and filesystems.  So doing raw
reads of underlying device while it was mounted could cause the caches
to get out of sync.

I don't recall the details, but either the kernel would oops or the
filesystem would become corrupt.  I don't know if any 2.6 filesystems
still have that issue.  Anyway ZFS must have a similar issue.

So a ZFS filesystem developer knowing this was a conflict could add a
check in the /dev/sda open() that would fail the open if there was a
mounted filesystem of type ZFS on the drive.

And the mount should fail if /dev/sda is already open.

I'm not aware of the 2.6.x linux kernel offering any infrastructure to
help with that issue.

Greg

* Blocking the access to the device files.
From: Mulyadi Santosa @ 2010-12-29 18:06 UTC
To: kernelnewbies

Hi Greg :)

On Thu, Dec 30, 2010 at 00:01, Greg Freemyer <greg.freemyer@gmail.com> wrote:
> My guess is that it is more complex than that.
>
> Some filesystems have issues if the raw drive is read while the
> filesystem is mounted.  I think it is caused by inconsistencies in the
> various caches.  ie. iirc, At least in the 2.4 kernel there was not a
> single unified cache for block layer and filesystems.  So doing raw
> reads of underlying device while it was mounted could cause the caches
> to get out of sync.

Oh, that issue? well, in that case, I have no prevent such thing...I
was offering the previous idea since I have very little cues on what
Prasad means by "disabling access"....

--
regards,

Mulyadi Santosa
Freelance Linux trainer and consultant

blog: the-hydra.blogspot.com
training: mulyaditraining.blogspot.com

* Blocking the access to the device files.
From: mindentropy @ 2010-12-29 18:54 UTC
To: kernelnewbies

On Wednesday 29 Dec 2010 10:31:37 pm Greg Freemyer wrote:
> On Wed, Dec 29, 2010 at 11:12 AM, Mulyadi Santosa
>
> <mulyadi.santosa@gmail.com> wrote:
> > On Wed, Dec 29, 2010 at 20:06, Prasad Joshi <prasadjoshi124@gmail.com> wrote:
> >> Hello All,
> >>
> >> ZFS file system has a property called devices. If turned off, ZFS
> >> would not allow access to the device files (block/character) present
> >> on the file system. I want to implement the same behavior on a
> >> Linux File System.
> >
> > I don't know about ZFS, so could you please elaborate on what you mean
> > by "ZFS could disallow access"?
> >
> > IMHO, (untested), you could simply do it using usual Linux
> > file/directory permission up to SELinux/AppArmor....so, is that what
> > you mean?
> >
> > --
> > regards,
> >
> > Mulyadi Santosa
>
> Mulyadi,
>
> My guess is that it is more complex than that.
>
> Some filesystems have issues if the raw drive is read while the
> filesystem is mounted.  I think it is caused by inconsistencies in the
> various caches.  ie. iirc, At least in the 2.4 kernel there was not a
> single unified cache for block layer and filesystems.  So doing raw
> reads of underlying device while it was mounted could cause the caches
> to get out of sync.
>
> I don't recall the details, but either the kernel would oops or the
> filesystem would become corrupt.  I don't know if any 2.6 filesystems
> still have that issue.  Anyway ZFS must have a similar issue.
>
> So a ZFS filesystem developer knowing this was a conflict could add a
> check in the /dev/sda open() that would fail the open if there was a
> mounted filesystem of type ZFS on the drive.
>
> And the mount should fail if /dev/sda is already open.
>
> I'm not aware of the 2.6.x linux kernel offering any infrastructure to
> help with that issue.
>
> Greg
>
> _______________________________________________
> Kernelnewbies mailing list
> Kernelnewbies at kernelnewbies.org
> http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies

Greg,

> So doing raw
> reads of underlying device while it was mounted could cause the caches
> to get out of sync.

   So doing a 'dd' would cause the kernel to oops?

Thanks.

* Blocking the access to the device files.
From: Mulyadi Santosa @ 2010-12-29 19:00 UTC
To: kernelnewbies

On Thu, Dec 30, 2010 at 01:54, mindentropy <mindentropy@gmail.com> wrote:
> On Wednesday 29 Dec 2010 10:31:37 pm Greg Freemyer wrote:
>> So doing raw
>> reads of underlying device while it was mounted could cause the caches
>> to get out of sync.
>
>    So doing a 'dd' would cause the kernel to oops?

I believe what Greg meant was "doing write". I see no problem if it's
raw read....

--
regards,

Mulyadi Santosa
Freelance Linux trainer and consultant

blog: the-hydra.blogspot.com
training: mulyaditraining.blogspot.com

* Blocking the access to the device files.
From: Greg Freemyer @ 2010-12-29 19:02 UTC
To: kernelnewbies

On Wed, Dec 29, 2010 at 1:54 PM, mindentropy <mindentropy@gmail.com> wrote:
> On Wednesday 29 Dec 2010 10:31:37 pm Greg Freemyer wrote:
>> On Wed, Dec 29, 2010 at 11:12 AM, Mulyadi Santosa
>>
>> <mulyadi.santosa@gmail.com> wrote:
>> > On Wed, Dec 29, 2010 at 20:06, Prasad Joshi <prasadjoshi124@gmail.com>
> wrote:
>> >> Hello All,
>> >>
>> >> ZFS file system has a property called devices. If turned off, ZFS
>> >> would not allow access to the device files (block/character) present
>> >> on the file system. I want to implement the same behavior on a
>> >> Linux File System.
>> >
>> > I don't know about ZFS, so could you please elaborate on what you mean
>> > by "ZFS could disallow access"?
>> >
>> > IMHO, (untested), you could simply do it using usual Linux
>> > file/directory permission up to SELinux/AppArmor....so, is that what
>> > you mean?
>> >
>> > --
>> > regards,
>> >
>> > Mulyadi Santosa
>>
>> Mulyadi,
>>
>> My guess is that it is more complex than that.
>>
>> Some filesystems have issues if the raw drive is read while the
>> filesystem is mounted.  I think it is caused by inconsistencies in the
>> various caches.  ie. iirc, At least in the 2.4 kernel there was not a
>> single unified cache for block layer and filesystems.  So doing raw
>> reads of underlying device while it was mounted could cause the caches
>> to get out of sync.
>>
>> I don't recall the details, but either the kernel would oops or the
>> filesystem would become corrupt.  I don't know if any 2.6 filesystems
>> still have that issue.  Anyway ZFS must have a similar issue.
>>
>> So a ZFS filesystem developer knowing this was a conflict could add a
>> check in the /dev/sda open() that would fail the open if there was a
>> mounted filesystem of type ZFS on the drive.
>>
>> And the mount should fail if /dev/sda is already open.
>>
>> I'm not aware of the 2.6.x linux kernel offering any infrastructure to
>> help with that issue.
>>
>> Greg
>>
>> _______________________________________________
>> Kernelnewbies mailing list
>> Kernelnewbies at kernelnewbies.org
>> http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies
>
> Greg,
>> So doing raw
>> reads of underlying device while it was mounted could cause the caches
>> to get out of sync.
>
>    So doing a 'dd' would cause the kernel to oops?
>
> Thanks.

I really don't remember what the problem was.  It was about 2003 or
2004 I think that I came across the issue.  I don't recall if it was
XFS or ext2/3 or what.

I just know I came to the conclusion that dd if=/dev/sda of=/dev/null
was not always safe if the drive had a mounted filesystem.  Hopefully
it's been fixed by now.

Greg

* Blocking the access to the device files.
From: Mulyadi Santosa @ 2010-12-29 19:07 UTC
To: kernelnewbies

Hi Greg...

On Thu, Dec 30, 2010 at 02:02, Greg Freemyer <greg.freemyer@gmail.com> wrote:
> I really don't remember what the problem was.  It was about 2003 or
> 2004 I think that I came across the issue.  I don't recall if it was
> XFS or ext2/3 or what.
>
> I just know I came to the conclusion that dd if=/dev/sda of=/dev/null
> was not always safe if the drive had a mounted filesystem.  Hopefully
> it's been fixed by now.

2.4.x? If yes, I am not so surprised since buffer cache and page cache
aren't unified yet, unlike in 2.6.x. I highly guess that was indeed
synchronization issue....

--
regards,

Mulyadi Santosa
Freelance Linux trainer and consultant

blog: the-hydra.blogspot.com
training: mulyaditraining.blogspot.com

* Blocking the access to the device files.
From: Greg Freemyer @ 2010-12-29 19:09 UTC
To: kernelnewbies

On Wed, Dec 29, 2010 at 2:07 PM, Mulyadi Santosa
<mulyadi.santosa@gmail.com> wrote:
> Hi Greg...
>
> On Thu, Dec 30, 2010 at 02:02, Greg Freemyer <greg.freemyer@gmail.com> wrote:
>> I really don't remember what the problem was.  It was about 2003 or
>> 2004 I think that I came across the issue.  I don't recall if it was
>> XFS or ext2/3 or what.
>>
>> I just know I came to the conclusion that dd if=/dev/sda of=/dev/null
>> was not always safe if the drive had a mounted filesystem.  Hopefully
>> it's been fixed by now.
>
> 2.4.x? If yes, I am not so surprised since buffer cache and page cache
> aren't unified yet, unlike in 2.6.x. I highly guess that was indeed
> synchronization issue....

yes, 2.4.x was what I am talking about.

* Blocking the access to the device files.
From: Prasad Joshi @ 2010-12-29 23:32 UTC
To: kernelnewbies

On Wed, Dec 29, 2010 at 4:12 PM, Mulyadi Santosa
<mulyadi.santosa@gmail.com> wrote:
> On Wed, Dec 29, 2010 at 20:06, Prasad Joshi <prasadjoshi124@gmail.com> wrote:
>> Hello All,
>>
>> ZFS file system has a property called devices. If turned off, ZFS
>> would not allow access to the device files (block/character) present
>> on the file system. I want to implement the same behavior on a
>> Linux File System.
>
> I don't know about ZFS, so could you please elaborate on what you mean
> by "ZFS could disallow access"?

I am really sorry that I was not clear with the first mail. Thanks a
lot for all mail replies and for sharing important information.
By not disallowing access to device files I meant

root@prasad-laptop:~# mount disk -o loop arm/

root@prasad-laptop:~/arm# mount -t ext3
/dev/loop0 on /home/prasad/arm type ext3 (rw)

############# CREATING A DEVICE FILE ON THE FILE SYSTEM
root@prasad-laptop:~/arm# mknod zero c 1 5

root@prasad-laptop:~/arm# ls
lost+found  zero

root@prasad-laptop:~/arm# ls -l
total 12
drwx------ 2 root root 12288 2010-12-23 11:28 lost+found
crw-r--r-- 1 root root  1, 5 2010-12-23 11:28 zero

root@prasad-laptop:~/arm# dd if=zero of=disk bs=10K count=10K
dd: writing `disk': No space left on device
9313+0 records in
9312+0 records out
95354880 bytes (95 MB) copied, 1.00106 s, 95.3 MB/s

root@prasad-laptop:~/arm# ls -l
total 93499
-rw-r--r-- 1 root root 95354880 2010-12-23 11:28 disk
drwx------ 2 root root    12288 2010-12-23 11:28 lost+found
crw-r--r-- 1 root root     1, 5 2010-12-23 11:28 zero

Here the file system allowed access to the device file named zero. The
requirement is to turn off the access to all of the device files
present on the mounted file system. ie. considering the above case
access (open/read/write) to/from device zero should not be allowed
(even by root user). I don't know why would one create a device file
on a file system other than /dev.

I could modify the open code to check if the file being
opened is device file then return either EPERM or EACCESS (not sure
which one). But before modifying the code I thought of checking mount
flags, could not find one, hence thought of asking on mailing list.

Thanks a lot for wonderful replies and sharing valuable information.
Hope the example above has made the requirement clear.

Thanks and Regards,
Prasad

>
> IMHO, (untested), you could simply do it using usual Linux
> file/directory permission up to SELinux/AppArmor....so, is that what
> you mean?
>
> --
> regards,
>
> Mulyadi Santosa
> Freelance Linux trainer and consultant
>
> blog: the-hydra.blogspot.com
> training: mulyaditraining.blogspot.com
>

* Blocking the access to the device files.
From: Greg Freemyer @ 2010-12-30 0:07 UTC
To: kernelnewbies

On Wed, Dec 29, 2010 at 6:32 PM, Prasad Joshi <prasadjoshi124@gmail.com> wrote:
> On Wed, Dec 29, 2010 at 4:12 PM, Mulyadi Santosa
> <mulyadi.santosa@gmail.com> wrote:
>> On Wed, Dec 29, 2010 at 20:06, Prasad Joshi <prasadjoshi124@gmail.com> wrote:
>>> Hello All,
>>>
>>> ZFS file system has a property called devices. If turned off, ZFS
>>> would not allow access to the device files (block/character) present
>>> on the file system. I want to implement the same behavior on a
>>> Linux File System.
>>
>> I don't know about ZFS, so could you please elaborate on what you mean
>> by "ZFS could disallow access"?
>
> I am really sorry that I was not clear with the first mail. Thanks a
> lot for all mail replies and for sharing important information.
> By not disallowing access to device files I meant
>
> root@prasad-laptop:~# mount disk -o loop arm/
>
> root@prasad-laptop:~/arm# mount -t ext3
> /dev/loop0 on /home/prasad/arm type ext3 (rw)
>
> ############# CREATING A DEVICE FILE ON THE FILE SYSTEM
> root@prasad-laptop:~/arm# mknod zero c 1 5
>
> root@prasad-laptop:~/arm# ls
> lost+found  zero
>
> root@prasad-laptop:~/arm# ls -l
> total 12
> drwx------ 2 root root 12288 2010-12-23 11:28 lost+found
> crw-r--r-- 1 root root  1, 5 2010-12-23 11:28 zero
>
> root@prasad-laptop:~/arm# dd if=zero of=disk bs=10K count=10K
> dd: writing `disk': No space left on device
> 9313+0 records in
> 9312+0 records out
> 95354880 bytes (95 MB) copied, 1.00106 s, 95.3 MB/s
>
> root@prasad-laptop:~/arm# ls -l
> total 93499
> -rw-r--r-- 1 root root 95354880 2010-12-23 11:28 disk
> drwx------ 2 root root    12288 2010-12-23 11:28 lost+found
> crw-r--r-- 1 root root     1, 5 2010-12-23 11:28 zero
>
> Here the file system allowed access to the device file named zero. The
> requirement is to turn off the access to all of the device files
> present on the mounted file system. ie. considering the above case
> access (open/read/write) to/from device zero should not be allowed
> (even by root user). I don't know why would one create a device file
> on a file system other than /dev.
>
> I could modify the open code to check if the file being
> opened is device file then return either EPERM or EACCESS (not sure
> which one). But before modifying the code I thought of checking mount
> flags, could not find one, hence thought of asking on mailing list.
>
> Thanks a lot for wonderful replies and sharing valuable information.
> Hope the example above has made the requirement clear.
>
> Thanks and Regards,
> Prasad

Well that's totally different than I thought.

Why not stop the mknod from working instead of the open?

mknod is not part of the "hot path", where open could easily be
for some apps.

ie. If your FS does not support device files, then simply don't allow
them to be created.

Thanks
Greg

* Blocking the access to the device files.
From: Henry Gebhardt @ 2010-12-30 0:24 UTC
To: kernelnewbies

On Wed, Dec 29, 2010 at 11:32:18PM +0000, Prasad Joshi wrote:
> On Wed, Dec 29, 2010 at 4:12 PM, Mulyadi Santosa
> <mulyadi.santosa@gmail.com> wrote:
> > On Wed, Dec 29, 2010 at 20:06, Prasad Joshi <prasadjoshi124@gmail.com> wrote:
> >> Hello All,
> >>
> >> ZFS file system has a property called devices. If turned off, ZFS
> >> would not allow access to the device files (block/character) present
> >> on the file system. I want to implement the same behavior on a
> >> Linux File System.
> >
> > I don't know about ZFS, so could you please elaborate on what you mean
> > by "ZFS could disallow access"?
>
> I am really sorry that I was not clear with the first mail. Thanks a
> lot for all mail replies and for sharing important information.
> By not disallowing access to device files I meant
>
> root@prasad-laptop:~# mount disk -o loop arm/
>
> root@prasad-laptop:~/arm# mount -t ext3
> /dev/loop0 on /home/prasad/arm type ext3 (rw)
>
> ############# CREATING A DEVICE FILE ON THE FILE SYSTEM
> root@prasad-laptop:~/arm# mknod zero c 1 5
>
> root@prasad-laptop:~/arm# ls
> lost+found  zero
>
> root@prasad-laptop:~/arm# ls -l
> total 12
> drwx------ 2 root root 12288 2010-12-23 11:28 lost+found
> crw-r--r-- 1 root root  1, 5 2010-12-23 11:28 zero
>
> root@prasad-laptop:~/arm# dd if=zero of=disk bs=10K count=10K
> dd: writing `disk': No space left on device
> 9313+0 records in
> 9312+0 records out
> 95354880 bytes (95 MB) copied, 1.00106 s, 95.3 MB/s
>
> root@prasad-laptop:~/arm# ls -l
> total 93499
> -rw-r--r-- 1 root root 95354880 2010-12-23 11:28 disk
> drwx------ 2 root root    12288 2010-12-23 11:28 lost+found
> crw-r--r-- 1 root root     1, 5 2010-12-23 11:28 zero
>
> Here the file system allowed access to the device file named zero. The
> requirement is to turn off the access to all of the device files
> present on the mounted file system. ie. considering the above case
> access (open/read/write) to/from device zero should not be allowed
> (even by root user). I don't know why would one create a device file
> on a file system other than /dev.
>
> I could modify the open code to check if the file being
> opened is device file then return either EPERM or EACCESS (not sure
> which one). But before modifying the code I thought of checking mount
> flags, could not find one, hence thought of asking on mailing list.
>
> Thanks a lot for wonderful replies and sharing valuable information.
> Hope the example above has made the requirement clear.
>

Maybe I, too, am completely misunderstanding you, but does the nodev
option do what you want?  From the mount manpage:

    nodev - Do not interpret character or block special devices on the
    file system.

Use like so:

    $ mount disk -o loop,nodev arm/

You can still create device special files, you just can't access them.

Greetings,
Henry

* Blocking the access to the device files.
From: Rajat Sharma @ 2010-12-30 7:10 UTC
To: kernelnewbies

Henry is right, nodev is the option for you, it passes down MS_NODEV flag
to kernel which in turn sets MNT_NODEV flag in mount object, which open
system call checks and returns -EACCES if it is a device node, snippet
from linux/fs/namei.c:

        case S_IFBLK:
        case S_IFCHR:
                if (path->mnt->mnt_flags & MNT_NODEV)
                        return -EACCES;

The case which Greg was mentioning, I think that is solved through
exclusive open call to block device in exclusive mode with
open_bdev_exclusive. This allows only one opener of block device at a
time, i.e. Filesystem is the exclusive opener of block device while
mounting the block device, e.g.

ext2_get_sb() -> get_sb_bdev() -> open_bdev_exclusive();

Rajat

On Thu, Dec 30, 2010 at 5:54 AM, Henry Gebhardt
<hsggebhardt@googlemail.com> wrote:
> On Wed, Dec 29, 2010 at 11:32:18PM +0000, Prasad Joshi wrote:
>> On Wed, Dec 29, 2010 at 4:12 PM, Mulyadi Santosa
>> <mulyadi.santosa@gmail.com> wrote:
>> > On Wed, Dec 29, 2010 at 20:06, Prasad Joshi <prasadjoshi124@gmail.com> wrote:
>> >> Hello All,
>> >>
>> >> ZFS file system has a property called devices. If turned off, ZFS
>> >> would not allow access to the device files (block/character) present
>> >> on the file system. I want to implement the same behavior on a
>> >> Linux File System.
>> >
>> > I don't know about ZFS, so could you please elaborate on what you mean
>> > by "ZFS could disallow access"?
>>
>> I am really sorry that I was not clear with the first mail. Thanks a
>> lot for all mail replies and for sharing important information.
>> By not disallowing access to device files I meant
>>
>> root@prasad-laptop:~# mount disk -o loop arm/
>>
>> root@prasad-laptop:~/arm# mount -t ext3
>> /dev/loop0 on /home/prasad/arm type ext3 (rw)
>>
>> ############# CREATING A DEVICE FILE ON THE FILE SYSTEM
>> root@prasad-laptop:~/arm# mknod zero c 1 5
>>
>> root@prasad-laptop:~/arm# ls
>> lost+found  zero
>>
>> root@prasad-laptop:~/arm# ls -l
>> total 12
>> drwx------ 2 root root 12288 2010-12-23 11:28 lost+found
>> crw-r--r-- 1 root root  1, 5 2010-12-23 11:28 zero
>>
>> root@prasad-laptop:~/arm# dd if=zero of=disk bs=10K count=10K
>> dd: writing `disk': No space left on device
>> 9313+0 records in
>> 9312+0 records out
>> 95354880 bytes (95 MB) copied, 1.00106 s, 95.3 MB/s
>>
>> root@prasad-laptop:~/arm# ls -l
>> total 93499
>> -rw-r--r-- 1 root root 95354880 2010-12-23 11:28 disk
>> drwx------ 2 root root    12288 2010-12-23 11:28 lost+found
>> crw-r--r-- 1 root root     1, 5 2010-12-23 11:28 zero
>>
>> Here the file system allowed access to the device file named zero. The
>> requirement is to turn off the access to all of the device files
>> present on the mounted file system. ie. considering the above case
>> access (open/read/write) to/from device zero should not be allowed
>> (even by root user). I don't know why would one create a device file
>> on a file system other than /dev.
>>
>> I could modify the open code to check if the file being
>> opened is device file then return either EPERM or EACCESS (not sure
>> which one). But before modifying the code I thought of checking mount
>> flags, could not find one, hence thought of asking on mailing list.
>>
>> Thanks a lot for wonderful replies and sharing valuable information.
>> Hope the example above has made the requirement clear.
>>
>
> Maybe I, too, am completely misunderstanding you, but does the nodev
> option do what you want?  From the mount manpage:
>
>    nodev - Do not interpret character or block special devices on the
>    file system.
>
> Use like so:
>
>    $ mount disk -o loop,nodev arm/
>
> You can still create device special files, you just can't access them.
>
> Greetings,
> Henry
>
> _______________________________________________
> Kernelnewbies mailing list
> Kernelnewbies at kernelnewbies.org
> http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies
>

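
Added example (not part of the thread and not kernel code): the last reply says open() returns -EACCES on a device node when the mount carries MNT_NODEV, and from userspace that flag shows up as the nodev option in /proc/self/mounts. The C program below lists mounts that lack it; the function names, the exemption for /dev and the sample mount table are assumptions constructed for illustration.

```c
/* Added example: list mounts that still honour device nodes (no "nodev"). */
#include <stdio.h>
#include <string.h>

/* Constructed sample in /proc/self/mounts format (not taken from the thread). */
static const char SAMPLE_MOUNTS[] =
    "/dev/sda1 / ext4 rw,relatime 0 0\n"
    "devtmpfs /dev devtmpfs rw,nosuid,size=4096k,mode=755 0 0\n"
    "tmpfs /tmp tmpfs rw,nosuid,nodev 0 0\n"
    "/dev/loop0 /home/prasad/arm ext3 rw,relatime 0 0\n"
    "/dev/loop1 /mnt/untrusted ext3 rw,nodev,relatime 0 0\n";

/* Return 1 if the comma-separated option list holds `want` as a whole token. */
static int has_mount_option(const char *opts, const char *want)
{
    size_t wlen = strlen(want);

    while (*opts) {
        size_t len = strcspn(opts, ",");
        if (len == wlen && strncmp(opts, want, wlen) == 0)
            return 1;
        opts += len;
        if (*opts == ',')
            opts++;
    }
    return 0;
}

/* Assumed policy: /dev and mounts below it legitimately need device nodes. */
static int is_dev_tree(const char *target)
{
    return strcmp(target, "/dev") == 0 || strncmp(target, "/dev/", 5) == 0;
}

/*
 * Parse one line "source target fstype options ...".
 * Returns 1 if device nodes are interpreted (no nodev), 0 if nodev is set,
 * -1 if the line is malformed. The mount point is copied to target.
 * The kernel prints VFS flags such as nodev before filesystem-specific
 * options, so truncating a very long option string does not hide the flag.
 */
static int mount_line_allows_devices(const char *line, char target[256])
{
    char source[256], fstype[64], opts[512];

    if (sscanf(line, "%255s %255s %63s %511s", source, target, fstype, opts) != 4)
        return -1;
    return has_mount_option(opts, "nodev") ? 0 : 1;
}

/* Count (and optionally print) mounts outside /dev that lack nodev. */
static int count_dev_capable_mounts(const char *table, int verbose)
{
    int count = 0;

    while (*table) {
        size_t len = strcspn(table, "\n");
        char line[4096], target[256];

        if (len < sizeof(line)) {
            memcpy(line, table, len);
            line[len] = '\0';
            if (mount_line_allows_devices(line, target) == 1 && !is_dev_tree(target)) {
                count++;
                if (verbose)
                    printf("device nodes honoured on %s\n", target);
            }
        }
        table += len;
        if (*table == '\n')
            table++;
    }
    return count;
}

int main(void)
{
    static char buf[65536];
    const char *table = SAMPLE_MOUNTS;
    FILE *fp = fopen("/proc/self/mounts", "r");

    if (fp) {  /* live table if available, otherwise the constructed sample */
        size_t n = fread(buf, 1, sizeof(buf) - 1, fp);
        buf[n] = '\0';
        fclose(fp);
        table = buf;
    }
    printf("%d mount(s) without nodev\n", count_dev_capable_mounts(table, 1));
    return 0;
}
```

Options are matched as whole tokens, so a longer option name that merely begins with "nodev" is not mistaken for the flag.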