sophos / talpa

Talpa Kernel file access interception modules
GNU General Public License v2.0

Receiving Non blocking events from TALPA #19

Closed nawate closed 4 years ago

nawate commented 4 years ago

Hi there,

I don't know whether this functionality is already provided in the current version, or maybe I'm missing some configuration which needs to be done under one of the directories below:

/proc/sys/talpa/interceptors/VFSHookInterceptor/ or /proc/sys/talpa/intercept-filters/VettingController/

Is there a forum/mailing channel where I can raise this kind of question?

Thanks, Nilesh

paperclip commented 4 years ago

You can use the file descriptor for your connection to the talpa device in a select/poll call.

It'll get triggered when a packet is ready for the vetting client.

You don't need to have non-blocking while reading a single packet, since talpa will always send complete packets.

nawate commented 4 years ago

@paperclip - Sorry, I didn't ask the question correctly. When I say non-blocking it means the file events which don't require/expect a reply (TALPA_ALLOW/TALPA_DENY). In other words, "responseReqd" is 0. Just notification events.

paperclip commented 4 years ago

Ok, no problem, I understand what you're asking.

I'm afraid I don't think you can do that with Talpa. If you are on a post 2.6.37 kernel, and don't need to get events from containers, then fanotify has a mode that does that.

nawate commented 4 years ago

Oh okay. Thanks for the quick turn up! Actually, I'm using 2.6.37, and in the context of Fanotify only I asked this question :) Yes, Fanotify provides only notification events.

I'm closing this issue.