Browse code
fanotify: adding clamd option to disable ddd
Mickey Sola authored on 2015/09/11 05:43:45Showing 4 changed files
| ... | ... |
@@ -310,7 +310,8 @@ void *onas_ddd_th(void *arg) {
|
| 310 | 310 |
if(onas_ht_add_hierarchy(ddd_ht, pt->strarg)) {
|
| 311 | 311 |
logg("!ScanOnAccess: Can't include path '%s'\n", pt->strarg);
|
| 312 | 312 |
return NULL; |
| 313 |
- } |
|
| 313 |
+ } else |
|
| 314 |
+ logg("ScanOnAccess: Protecting directory '%s' (and all sub-directories)\n", pt->strarg);
|
|
| 314 | 315 |
} |
| 315 | 316 |
|
| 316 | 317 |
pt = (struct optstruct *) pt->nextarg; |
| ... | ... |
@@ -328,7 +329,8 @@ void *onas_ddd_th(void *arg) {
|
| 328 | 328 |
if(onas_ht_rm_hierarchy(ddd_ht, pt->strarg, ptlen, 0)) {
|
| 329 | 329 |
logg("!ScanOnAccess: Can't exclude path '%s'\n", pt->strarg);
|
| 330 | 330 |
return NULL; |
| 331 |
- } |
|
| 331 |
+ } else |
|
| 332 |
+ logg("ScanOnAccess: Excluding directory '%s' (and all sub-directories)\n", pt->strarg);
|
|
| 332 | 333 |
} |
| 333 | 334 |
|
| 334 | 335 |
pt = (struct optstruct *) pt->nextarg; |
| ... | ... |
@@ -144,24 +144,41 @@ void *onas_fan_th(void *arg) |
| 144 | 144 |
return NULL; |
| 145 | 145 |
} |
| 146 | 146 |
|
| 147 |
- do {
|
|
| 148 |
- if(pthread_attr_init(&ddd_attr)) break; |
|
| 149 |
- pthread_attr_setdetachstate(&ddd_attr, PTHREAD_CREATE_JOINABLE); |
|
| 150 |
- |
|
| 151 |
- if(!(ddd_tharg = (struct ddd_thrarg *) malloc(sizeof(struct ddd_thrarg)))) break; |
|
| 152 |
- |
|
| 153 |
- ddd_tharg->fan_fd = onas_fan_fd; |
|
| 154 |
- ddd_tharg->fan_mask = fan_mask; |
|
| 155 |
- ddd_tharg->opts = tharg->opts; |
|
| 156 |
- ddd_tharg->engine = tharg->engine; |
|
| 157 |
- ddd_tharg->options = tharg->options; |
|
| 158 |
- |
|
| 159 |
- if(!pthread_create(&ddd_pid, &ddd_attr, onas_ddd_th, ddd_tharg)) break; |
|
| 160 |
- |
|
| 161 |
- free(ddd_tharg); |
|
| 162 |
- ddd_tharg=NULL; |
|
| 163 |
- } while(0); |
|
| 164 |
- if (!tharg) logg("!Unable to start dynamic directory determination.\n");
|
|
| 147 |
+ if (!optget(tharg->opts, "OnAccessDisableDDD")->enabled) {
|
|
| 148 |
+ do {
|
|
| 149 |
+ if(pthread_attr_init(&ddd_attr)) break; |
|
| 150 |
+ pthread_attr_setdetachstate(&ddd_attr, PTHREAD_CREATE_JOINABLE); |
|
| 151 |
+ |
|
| 152 |
+ if(!(ddd_tharg = (struct ddd_thrarg *) malloc(sizeof(struct ddd_thrarg)))) break; |
|
| 153 |
+ |
|
| 154 |
+ ddd_tharg->fan_fd = onas_fan_fd; |
|
| 155 |
+ ddd_tharg->fan_mask = fan_mask; |
|
| 156 |
+ ddd_tharg->opts = tharg->opts; |
|
| 157 |
+ ddd_tharg->engine = tharg->engine; |
|
| 158 |
+ ddd_tharg->options = tharg->options; |
|
| 159 |
+ |
|
| 160 |
+ if(!pthread_create(&ddd_pid, &ddd_attr, onas_ddd_th, ddd_tharg)) break; |
|
| 161 |
+ |
|
| 162 |
+ free(ddd_tharg); |
|
| 163 |
+ ddd_tharg=NULL; |
|
| 164 |
+ } while(0); |
|
| 165 |
+ if (!tharg) logg("!Unable to start dynamic directory determination.\n");
|
|
| 166 |
+ |
|
| 167 |
+ } else {
|
|
| 168 |
+ if((pt = optget(tharg->opts, "OnAccessIncludePath"))->enabled) {
|
|
| 169 |
+ while(pt) {
|
|
| 170 |
+ if(fanotify_mark(onas_fan_fd, FAN_MARK_ADD, fan_mask, onas_fan_fd, pt->strarg) != 0) {
|
|
| 171 |
+ logg("!ScanOnAccess: Can't include path '%s'\n", pt->strarg);
|
|
| 172 |
+ return NULL; |
|
| 173 |
+ } else |
|
| 174 |
+ logg("ScanOnAccess: Protecting directory '%s'\n", pt->strarg);
|
|
| 175 |
+ pt = (struct optstruct *) pt->nextarg; |
|
| 176 |
+ } |
|
| 177 |
+ } else {
|
|
| 178 |
+ logg("!ScanOnAccess: Please specify at least one path with OnAccessIncludePath\n");
|
|
| 179 |
+ return NULL; |
|
| 180 |
+ } |
|
| 181 |
+ } |
|
| 165 | 182 |
|
| 166 | 183 |
/* Load other options. */ |
| 167 | 184 |
sizelimit = optget(tharg->opts, "OnAccessMaxFileSize")->numarg; |
| ... | ... |
@@ -579,6 +579,11 @@ Example |
| 579 | 579 |
# Default: disabled |
| 580 | 580 |
#OnAccessExcludeUID 0 |
| 581 | 581 |
|
| 582 |
+# Toggles dynamic directory determination. Allows for recursively watching include paths. |
|
| 583 |
+# (On-access scan only) |
|
| 584 |
+# Default: no |
|
| 585 |
+#OnAccessDisableDDD yes |
|
| 586 |
+ |
|
| 582 | 587 |
|
| 583 | 588 |
## |
| 584 | 589 |
## Bytecode |
| ... | ... |
@@ -400,6 +400,8 @@ const struct clam_option __clam_options[] = {
|
| 400 | 400 |
|
| 401 | 401 |
{ "OnAccessMaxFileSize", NULL, 0, CLOPT_TYPE_SIZE, MATCH_SIZE, 5242880, NULL, 0, OPT_CLAMD, "Files larger than this value will not be scanned in on access.", "5M" },
|
| 402 | 402 |
|
| 403 |
+ { "OnAccessDisableDDD", "disable-ddd", 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD, "This option toggles the dynamic directory determination system for on-access scanning (Linux only)", "no" },
|
|
| 404 |
+ |
|
| 403 | 405 |
/* FIXME: mark these as private and don't output into clamd.conf/man */ |
| 404 | 406 |
{ "DevACOnly", "dev-ac-only", 0, CLOPT_TYPE_BOOL, MATCH_BOOL, -1, NULL, FLAG_HIDDEN, OPT_CLAMD | OPT_CLAMSCAN, "", "" },
|
| 405 | 407 |
|