Subject: Re: Veriexec enabled by default
To: YAMAMOTO Takashi <>
From: Elad Efrat <>
List: tech-kern
Date: 10/27/2006 17:44:00
YAMAMOTO Takashi wrote:

> in the case of vn_open, i think following apple's KAUTH_SCOPE_VNODE is
> the best bet.

okay, so we add the vnode scope. problem is, the action on that scope
is a bitfield of acl requests. do you want me to follow that design with
our vnode scope?

if yes, we can use the following actions:


we're missing however an action for "rename".

> btw, why veriexec cares namespace operations like rename?
> it associates fingerprints to filehandles, which are not affected by rename,
> doesn't it?

yes, it doesn't really care about the filename. it uses the name to
indicate that a monitored file was renamed or prevent renaming it (the
latter may be required in, say, ips mode, or lockdown mode for
post-mortem analysis).


Elad Efrat
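Added illustration (not code from the thread, NetBSD or Apple): a toy vnode-scope listener in the style the mail discusses, where the action argument is a bitfield of requested accesses rather than one operation per call. The action bits, strictness levels and fingerprint table are all made up for the example; they are not NetBSD's or Apple's real constants. It shows why a dedicated rename bit matters: the listener keys entries on a file id standing in for the filehandle (so a rename leaves the fingerprint binding intact), but without a rename bit it never gets to report or refuse the namespace change.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical action bits for a vnode scope. The mail says the action on
 * Apple's KAUTH_SCOPE_VNODE is a bitfield of ACL requests; these values are
 * constructed for the example, not real NetBSD or Apple constants. */
#define VN_ACT_READ    (1u << 0)
#define VN_ACT_WRITE   (1u << 1)
#define VN_ACT_EXECUTE (1u << 2)
#define VN_ACT_DELETE  (1u << 3)
#define VN_ACT_RENAME  (1u << 4)   /* the action the mail notes is missing */

/* Listener outcomes, mirroring the allow/deny/defer results of a kauth listener. */
#define RESULT_ALLOW 0
#define RESULT_DENY  1
#define RESULT_DEFER 2

/* Constructed strictness levels; only their ordering matters here. */
enum vx_mode { VX_LEARN = 0, VX_IDS = 1, VX_IPS = 2, VX_LOCKDOWN = 3 };

/* Fingerprint table keyed by file id (a stand-in for the filehandle, which
 * is what the mail says fingerprints are bound to, so rename does not touch it). */
struct vx_entry { uint64_t fileid; bool fingerprint_ok; };
static const struct vx_entry vx_table[] = {
    { 100, true  },   /* constructed: monitored file, fingerprint matched  */
    { 101, false },   /* constructed: monitored file, fingerprint mismatch */
};

static const struct vx_entry *vx_lookup(uint64_t fileid)
{
    for (size_t i = 0; i < sizeof vx_table / sizeof vx_table[0]; i++)
        if (vx_table[i].fileid == fileid)
            return &vx_table[i];
    return NULL;
}

/* Render the bitfield as "READ|RENAME" for an audit log line. */
void vx_describe(uint32_t action, char *buf, size_t len)
{
    static const struct { uint32_t bit; const char *name; } names[] = {
        { VN_ACT_READ, "READ" }, { VN_ACT_WRITE, "WRITE" },
        { VN_ACT_EXECUTE, "EXECUTE" }, { VN_ACT_DELETE, "DELETE" },
        { VN_ACT_RENAME, "RENAME" },
    };
    buf[0] = '\0';
    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++) {
        if (!(action & names[i].bit))
            continue;
        if (buf[0] != '\0')
            strncat(buf, "|", len - strlen(buf) - 1);
        strncat(buf, names[i].name, len - strlen(buf) - 1);
    }
}

/* Vnode-scope listener: one call carries every requested access bit. */
int vx_vnode_listener(enum vx_mode mode, uint64_t fileid, uint32_t action)
{
    const struct vx_entry *e = vx_lookup(fileid);
    if (e == NULL)
        return RESULT_DEFER;               /* not monitored: no opinion */

    int result = RESULT_ALLOW;
    char what[64];
    vx_describe(action, what, sizeof what);

    /* Fingerprint mismatch: IDS only reports it, IPS and above refuse execution. */
    if ((action & VN_ACT_EXECUTE) && !e->fingerprint_ok && mode >= VX_IPS)
        result = RESULT_DENY;

    /* Namespace changes to a monitored file: visible only if a RENAME bit exists. */
    if ((action & (VN_ACT_RENAME | VN_ACT_DELETE)) && mode >= VX_IPS)
        result = RESULT_DENY;

    /* Lockdown additionally freezes the contents of every monitored file. */
    if ((action & VN_ACT_WRITE) && mode == VX_LOCKDOWN)
        result = RESULT_DENY;

    printf("veriexec: fileid=%llu action=%s mode=%d -> %s\n",
           (unsigned long long)fileid, what, (int)mode,
           result == RESULT_DENY ? "deny" : "allow");
    return result;
}

int main(void)
{
    vx_vnode_listener(VX_IDS, 101, VN_ACT_EXECUTE);              /* reported, allowed */
    vx_vnode_listener(VX_IPS, 101, VN_ACT_EXECUTE);              /* denied */
    vx_vnode_listener(VX_IPS, 100, VN_ACT_READ | VN_ACT_RENAME); /* rename denied */
    vx_vnode_listener(VX_IDS, 100, VN_ACT_RENAME);               /* allowed, logged */
    return 0;
}
```

The design point is that a single bitfield lets the listener evaluate a combined request (read plus rename, say) in one decision and log exactly which bits were asked for; a scope that has no rename bit simply never consults the listener for that operation.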