From: Anthony Liguori <aliguori@us.ibm.com>
To: Neha Sood <neha0405@yahoo.com>,
	xen-devel <xen-devel@lists.xensource.com>
Subject: Re: System Call Interception
Date: Mon, 20 Nov 2006 10:38:54 -0600
Message-ID: <4561DA1E.60108@us.ibm.com>
In-Reply-To: <20061119191018.6306.qmail@web54302.mail.yahoo.com>

Neha Sood wrote:
> 
> Hi there,
> 
> I have a question related to intercepting guest OS system calls in Xen 
> to provide a logging mechanism. As a part of my project, I have to log all 
> the system calls issued by the guest OS in the Xen hypervisor for secure 
> logging. I am new to Xen and have been reading the source code. I have 
> read about the Fast Handler for system calls. What is the fast handler and 
> how does the system call work in Xen? Could you please provide me some 
> starting point on how to do that?

On i386 at least, syscalls are delivered directly to the guest (they 
aren't intercepted by Xen).

I'm not sure if the same is true on x86-64 but at any rate, the first 
thing to do would be to make sure Xen intercepts syscalls.  You will 
have to find some mechanism to "log" these events which will likely 
involve a ring queue and some sort of daemon in dom0.

However, as Mats suggests, are you sure this is really what you want to 
do?  The audit infrastructure in Linux is designed just to do this sort 
of thing...

Regards,

Anthony Liguori

> Will it be very difficult to log guest OS system calls in Xen? If not, 
> how do I start and which files have to be changed?
> 
> I would really appreciate your help.
> 
> Thanks,
> Neha
