Best Linux filesystem filter option?

I need a Linux filesystem filter with which to enforce ACL policy on filesystem calls dynamically (allow/deny reads/writes based on stuff computed at runtime).

So far I have stumbled onto DazukoFS and Related Work. What I don't like about DazukoFS is that it has to be compiled for each kernel release.

  1. Is there some user-mode library that can filter filesystem calls dynamically?
  2. If not, is there some kernel-mode library that can filter FS calls dynamically, and not compile it for each kernel release?
  3. If not, what is the best choice among DazukoFS and others?

Answers


I have chosen RedirFS Redirecting Filesystem Framework.

  • similar to Windows minifilter drivers in many ways
  • simple enough and featureful
  • has examples of programs
  • nice docs (but scattered)

If fanotify ever gets into the kernel, it would provide precisely what you're asking for.

But unfortunately it hasn't got in yet.

EDIT:

fanotify has been merged into 2.6.36.

Pull request was: http://lkml.org/lkml/2010/8/6/273
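
A minimal user-space filter built on fanotify permission events, added here as an example and not taken from either answer: it blocks each open on a watched mount until `decide()` returns allow or deny. The protected prefix, the trusted-PID rule, the default mount `/srv` and the name `decide` are assumptions for illustration; it needs CAP_SYS_ADMIN and a kernel built with CONFIG_FANOTIFY_ACCESS_PERMISSIONS.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/fanotify.h>

/* Hypothetical policy root (constructed); the trailing slash keeps
 * /srv/secretary from matching. */
static const char *PROTECTED = "/srv/secret/";

/* Runtime decision: only the trusted pid may open files under PROTECTED. */
unsigned int decide(const char *path, pid_t pid, pid_t trusted)
{
    if (strncmp(path, PROTECTED, strlen(PROTECTED)) != 0)
        return FAN_ALLOW;
    return pid == trusted ? FAN_ALLOW : FAN_DENY;
}

int main(int argc, char **argv)
{
    const char *mnt = argc > 1 ? argv[1] : "/srv";   /* assumed mount point */
    pid_t trusted = argc > 2 ? (pid_t)atoi(argv[2]) : getpid();
    /* FAN_CLASS_CONTENT is required for permission (blocking) events. */
    int fan = fanotify_init(FAN_CLASS_CONTENT | FAN_CLOEXEC, O_RDONLY);
    if (fan < 0) { perror("fanotify_init"); return 1; }
    if (fanotify_mark(fan, FAN_MARK_ADD | FAN_MARK_MOUNT, FAN_OPEN_PERM,
                      AT_FDCWD, mnt) < 0) { perror("fanotify_mark"); return 1; }

    struct fanotify_event_metadata buf[128];
    ssize_t len;
    while ((len = read(fan, buf, sizeof buf)) > 0) {
        struct fanotify_event_metadata *ev = buf;
        for (; FAN_EVENT_OK(ev, len); ev = FAN_EVENT_NEXT(ev, len)) {
            if (ev->fd < 0)
                continue;                 /* queue overflow: no file attached */
            char link[64], path[PATH_MAX];
            snprintf(link, sizeof link, "/proc/self/fd/%d", ev->fd);
            ssize_t n = readlink(link, path, sizeof path - 1);
            path[n > 0 ? n : 0] = '\0';
            /* The opener stays blocked until this response is written.
             * An unresolvable path is denied (fail closed). */
            struct fanotify_response r = { .fd = ev->fd,
                .response = n > 0 ? decide(path, ev->pid, trusted) : FAN_DENY };
            if (write(fan, &r, sizeof r) < 0) perror("write");
            close(ev->fd);
        }
    }
    return 0;
}
```

Because every open on the mount waits on this process, a stalled or crashed listener stalls the callers, so the decision path should stay short and free of opens on the watched mount.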

