ROX-33216: implement inode tracking for path_rename#487
Open
Molter73 wants to merge 2 commits intomauro/refactor-submit-eventfrom
Open
ROX-33216: implement inode tracking for path_rename#487Molter73 wants to merge 2 commits intomauro/refactor-submit-eventfrom
Molter73 wants to merge 2 commits intomauro/refactor-submit-eventfrom
Conversation
Molter73
force-pushed
the
mauro/ROX-33216/inode-tracking-rename
branch
from
f6855df to
c5bd4f2
Compare
Molter73
force-pushed
the
mauro/refactor-submit-event
branch
from
a861f3d to
96c8f45
Compare
Molter73
force-pushed
the
mauro/ROX-33216/inode-tracking-rename
branch
from
c5bd4f2 to
0d364d0
Compare
5 tasks
This is a first attempt at adding inode tracking to the path_rename LSM hook. A number of changes were needed in order to cover all the possible edge cases in this operation. The most important change is that inodes are now always sent to userspace alongside with a value that indicates how the event is triggered (by matching an inode or a path), this was needed because the path_rename operation will use an inode number of 0 the same we were doing when the new path is not populated (i.e there is no file on the path we are landing). As a side effect of this, inodes on the kernel side cannot be NULL, some additional cleanup might be needed. Properly tracking rename operations requires collaboration between kernelspace and userspace, particularly when renaming a directory. In this case, the LSM hook will trigger once and we have no way of iterating through subdirectories and files contained in the directories involved, so the kernel does its best effort with the available information and leaves the heavy lifting to userspace. Where possible, userspace will use the available information in memory to adjust the paths being tracked, any discrepancies will be sorted by (hopefully) subsequent events or a periodic scan of the host. The logic on both sides is documented as thoroughly as possible.
In order to validate more of the inode tracking functionality in path_rename more test cases and additional validations are added.
Molter73
force-pushed
the
mauro/ROX-33216/inode-tracking-rename
branch
from
0d364d0 to
c115b4d
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
This is a first attempt at adding inode tracking to the path_rename LSM hook. A number of changes were needed in order to cover all the possible edge cases in this operation.
The most important change is that inodes are now always sent to userspace alongside with a value that indicates how the event is triggered (by matching an inode or a path), this was needed because the path_rename operation will use an inode number of 0 the same we were doing when the new path is not populated (i.e there is no file on the path we are landing). As a side effect of this, inodes on the kernel side cannot be NULL, some additional cleanup might be needed.
Properly tracking rename operations requires collaboration between kernelspace and userspace, particularly when renaming a directory. In this case, the LSM hook will trigger once and we have no way of iterating through subdirectories and files contained in the directories involved, so the kernel does its best effort with the available information and leaves the heavy lifting to userspace. Where possible, userspace will use the available information in memory to adjust the paths being tracked, any discrepancies will be sorted by (hopefully) subsequent events or a periodic scan of the host. The logic on both sides is documented as thoroughly as possible.
Checklist
Automated testing
If any of these don't apply, please comment below.
Testing Performed
Manually tested and added multiple integration tests.