On Thu, Oct 03, 2002 at 09:46:53PM -0700, Greg KH wrote:
> On Fri, Oct 04, 2002 at 07:05:03AM +0300, Muli Ben-Yehuda wrote:
> >
> > http://marc.theaimsgroup.com/?l=kernelnewbies&m=102267164910800&w=2,
>
> You didn't read my post to that same thread did you:
>
> http://marc.theaimsgroup.com/?l=kernelnewbies&m=102130770415962

I did, and considered using LSM, but decided not to since, as you
mention below, it doesn't give me the capabilities I need.

> And for the most part, the people on kernelnewbies have given up on
> trying to explain to new people why this does not work. I know I sure
> have :)

As I've written, I maintain that it does work on *some* archs (atomic
pointer updates are required) and with certain precautions (no module
unload).

> > http://marc.theaimsgroup.com/?l=linux-kernel&m=101821127019203&w=2
> >
> > [2] Can the LSM hooks be used for notification and modification on
> > every system call's entry and exit?
>
> No. See the LSM mailing list archives for why we did not decide to do
> this. (hint, you don't really achieve what you want to by doing
> this.)

Well, since I want to hook every system call, I get exactly what I
want ;-)

I'm not doing access policies or security. I'm doing "who is deleting
my file?" and "who is calling settimeofday on my router once in a blue
moon.", and even "if process foo calls getpid(), tell it's actually
process bar".

> If you _really_ want to hook things like this, look at LTT or dprobes.
> They should work just fine for you.

Neither is in the core kernel (AFAIK), and I'm not sure how useful
they are for a module only solution. I'll take a look, though.

Thanks,
Muli.
--
Muli Ben-Yehuda
http://www.mulix.org/

mulix@mulix.org:~$ sctrace strace /bin/foo
http://syscalltrack.sf.net/
Quis custodes ipsos custodiet?