Re: How to hook the system call?
On Wed, Nov 23, 2011 at 6:05 PM, Geraint Yang <geraint0923@xxxxxxxxx> wrote:
> Hi,
> I have tried the LSM framework, but when I make my module, I got
> "warning:'register_security' undefined", then I check security/security.c
> and found out that register_security is not exported! So if I want to use
> this function, I must hack kernel by exporting and recompiling kernel which
> is allowed for me.
> So ...well, it seems that LSM doesn't work for module without modifying the
> kernel source.
>
>
>
> On Thu, Nov 24, 2011 at 12:59 AM, Alexandru Juncu <alex.juncu@xxxxxxxxxx>
> wrote:
>>
>> On Wed, Nov 23, 2011 at 6:50 PM, Geraint Yang <geraint0923@xxxxxxxxx>
>> wrote:
>> > Hi,
>> > Thank all of you for helping me with problem!
>> > I don't want to modify my kernel source so I am trying to learn to use
>> > LSM
>> > security hook even though it seems that it couldn't hook all the system
>> > calls, I think it should be enough for me.
>> > Thanks again!
>>
>> I know that AppArmor can hook syscalls like read, write and memory
>> mapping and can deny or accept them. I am not sure if you can make it
>> do something else when hooked, but I know it has a script-like
>> configuration, so maybe you can take some other actions.
>
>

If you can hook the system calls, you could try KProbes, which is a dynamic instrumentation mechanism that is used in the Linux kernel.

You could use a JProbe to "capture" the function parameters of the instrumented function.

If you have KProbes in your kernel, you can create a module to instrument the syscall that you want.

Maybe it can be a starting point for you ...

Other projects that use KProbes are DProbes and SystemTap; you can also give them a look.

>
> --
> Geraint Yang
> Tsinghua University Department of Computer Science and Technology
>
>
> _______________________________________________
> Kernelnewbies mailing list
> Kernelnewbies@xxxxxxxxxxxxxxxxx
> http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies
>
>

--
Nuno Martins