I am working for listening file operation.
I find that I can listen the rename operation by registering KAUTH_SCOPE_FILEOP and listening on KAUTH_FILEOP_RENAME. But this is only a notification, kernel does not care it's return value.
So I can't block some rename operation on special files.
I also find a register for KAUTH_SCOPE_VNODE, but there is no action for rename operation.
Is there any methord to block the rename operation?
Thank you very much!
I also find a register for
, but there is no action for rename operation.KAUTH_SCOPE_VNODE
When working in a UNIX-y context, a rename is the logical combination of a (hard) link followed by an unlink. You should see that operations come through
KAUTH_SCOPE_VNODEShare and Enjoy
—
Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware
let myEmail = "eskimo" + "1" + "@apple.com"Hi Eskimo,
I tried to follow you guidance for how to detect a `rename` syscall in vnode scope
"rename is the logical combination of a (hard) link followed by an unlink"but found only the link flag
* Authorizes the vnode as the target of a hard link. */
#define KAUTH_VNODE_LINKTARGET (1<<25)
perhaps you can point me to the unlink flag ?
thanks
perhaps you can point me to the unlink flag ?
I haven’t had a chance to check this but I think you’ll find it’s
KAUTH_VNODE_DELETE_CHILDShare and Enjoy
—
Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware
let myEmail = "eskimo" + "1" + "@apple.com"