Bill Studenmund wrote:

> We want notifications on #2 and #3. Well, we want #2 if we play games 
> based on path name; when a #2 removal happens, we need to remove a given 
> path name from our db.

yes, and i think it would be best if we'd implement these notifications
as part of the fileop kauth scope as i suggested in the past -- only
with different code than posted.

> My second big issue with the hook in sys_unlink() is what happens if the 
> remove operation fails? Say I am not root (and veriexec is off), but I "rm 
> /bin/sh". I then generate fileassoc_file_delete() calls.

yeah, that's also a concern of mine, which i tried to address by
checking the return value from VOP_REMOVE() in the first version of
the hook.

> Oh! I LOVE the idea of hooking into these events! I just think we need the 
> hook in the fs, not above it.

that would be great. however, adding these hooks (and others, if we want
to do fileop) is not something i can do. that will require work from
someone familiar with the fs code.

until someone steps up to do the hooks, what do you suggest we do about
the current hooks for veriexec/fileassoc in sys_unlink?

-e.

-- 
Elad Efrat