Current state of trace mode?
Jordan K. Hubbard
jkh at apple.com
Mon Sep 3 10:11:29 PDT 2012
On Sep 2, 2012, at 7:37 AM, Joshua Root <jmr at macports.org> wrote:
> I completely agree, it would be better for the OS to provide the
> mechanisms. Please make it happen. ;-)
I'll see what I can do. :-)
Just to make sure we're up-to-date and in sync on the mission goals: MacPorts would like to be able to know, for a process and any and all of its descendants (e.g. for the port(1) command and any direct or indirect child process of it), what files are opened (and the method of access requested) or created (including links). Is that it? Do you also care about files merely being stat'd or otherwise having their metadata interrogated? How about execs? Do you need to know what tools are being exec'd from any and all locations?
My own thinking is that file opens (of any type), file creation and execs are important and everything else can be ignored by the MAC policy. I'm also assuming that a userland agent will be making all the enforcement decisions rather than having those decisions made by the KExt itself, though if there is a hard-and-fast set of policies that can be enforced by the KExt that would simplify things considerably since no separate IPC mechanism and way of lock-stepping port(1) (who has to report policy violations) and the hypothetical port-trace daemon would be required.
- Jordan
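To make the userland-agent design above concrete, here is an added example (not code from the thread, from MacPorts, or from any Apple KExt) that models the decision side of such a trace mode in Python: a stream of constructed fork/exit/open/create/exec events, a traced set that grows with the descendants of the root pid, and a policy that flags writes and creates outside a build area and execs outside a tool allowlist. The `Event` record, the `TraceAgent` class, the `/opt/local/var/macports/build/` path and the prefix lists are all assumptions made for the illustration, not an existing kernel or MacPorts interface.

```python
"""Toy model of a userland 'trace mode' agent for a process tree.

Assumed design (constructed example, not MacPorts or Apple code): a kernel
policy reports fork/exit/open/create/exec events, and this agent decides
which of them, for the traced root process and its descendants, violate
the build's file-access policy.
"""
from dataclasses import dataclass, field
from typing import List, Optional, Set, Tuple


@dataclass(frozen=True)
class Event:
    """Hypothetical event record as a policy module might hand it up."""
    pid: int
    ppid: int
    op: str                   # "fork", "exit", "open", "create" or "exec"
    path: Optional[str] = None
    access: str = ""          # for "open": "r", "w" or "rw"


@dataclass
class TraceAgent:
    root_pid: int
    allowed_write_prefixes: List[str]   # where the build may write or create
    allowed_exec_prefixes: List[str]    # where tools may be exec'd from
    traced: Set[int] = field(default_factory=set)
    violations: List[Event] = field(default_factory=list)

    def __post_init__(self) -> None:
        self.traced.add(self.root_pid)

    @staticmethod
    def _under(path: Optional[str], prefixes: List[str]) -> bool:
        return path is not None and any(path.startswith(p) for p in prefixes)

    def handle(self, ev: Event) -> bool:
        """Consume one event; return True if permitted, False on a violation."""
        if ev.op == "fork":
            # A child of a traced process joins the traced set; children of
            # unrelated processes are never tracked.
            if ev.ppid in self.traced:
                self.traced.add(ev.pid)
            return True
        if ev.op == "exit":
            # Forget the pid so a later reuse by an unrelated process is not
            # mistaken for a descendant.
            self.traced.discard(ev.pid)
            return True
        if ev.pid not in self.traced:
            return True                      # outside the tree: ignored
        if ev.op == "open":
            # Read-only opens are reported but never a violation here;
            # any write access must stay inside the build area.
            ok = "w" not in ev.access or self._under(ev.path, self.allowed_write_prefixes)
        elif ev.op == "create":
            ok = self._under(ev.path, self.allowed_write_prefixes)
        elif ev.op == "exec":
            ok = self._under(ev.path, self.allowed_exec_prefixes)
        else:
            ok = True                        # stat and metadata ops are ignored
        if not ok:
            self.violations.append(ev)
        return ok


def run_demo() -> List[Tuple[int, str, str]]:
    """Feed a constructed event stream through the agent; return violations."""
    agent = TraceAgent(
        root_pid=100,
        allowed_write_prefixes=["/opt/local/var/macports/build/", "/tmp/"],
        allowed_exec_prefixes=["/bin/", "/usr/bin/", "/opt/local/bin/"],
    )
    events = [
        Event(101, 100, "fork"),                                   # port(1) spawns make
        Event(101, 100, "exec", "/usr/bin/make"),
        Event(101, 100, "open", "/opt/local/var/macports/build/foo.c", "r"),
        Event(101, 100, "create", "/opt/local/var/macports/build/foo.o"),
        Event(102, 101, "fork"),                                   # make spawns a compiler
        Event(102, 101, "exec", "/usr/local/bin/gcc"),             # tool outside allowlist
        Event(102, 101, "open", "/usr/local/lib/libfoo.dylib", "w"),  # stray write
        Event(200, 1, "fork"),                                     # unrelated process
        Event(200, 1, "open", "/etc/hosts", "w"),                  # ignored: not traced
        Event(102, 101, "exit"),
        Event(102, 1, "open", "/etc/hosts", "w"),                  # pid reused after exit
    ]
    for ev in events:
        agent.handle(ev)
    return [(v.pid, v.op, v.path) for v in agent.violations]


if __name__ == "__main__":
    for pid, op, path in run_demo():
        print(f"violation: pid {pid} {op} {path}")
```

The point worth noting in the model is the `exit` handling: the agent has to drop a pid from the traced set when it exits, otherwise a later, unrelated process that reuses that pid is treated as a descendant and its writes get reported as violations, which is exactly the kind of false positive that would make port(1) abort a build for no reason.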