From: nuno.m.g.martins@gmail.com (Nuno Martins)
To: kernelnewbies@lists.kernelnewbies.org
Subject: How to hook the system call?
Date: Wed, 23 Nov 2011 18:20:39 +0000
Message-ID: <CAAgcAh1EkMw=gAdP--i4uPkPfFSd+Nygvug37r17fRtULTg3-A@mail.gmail.com>
In-Reply-To: <CAAdM-RUROuoOx1czFcT=Pz1Fe7S=sRKuyOekR1PNN_=a7Bf7CA@mail.gmail.com>
On Wed, Nov 23, 2011 at 6:05 PM, Geraint Yang <geraint0923@gmail.com> wrote:
> Hi,
> I have tried the LSM framework, but when I make my module, I got
> "warning: 'register_security' undefined", then I checked security/security.c
> and found out that register_security is not exported! So if I want to use
> this function, I must hack the kernel by exporting it and recompiling the kernel, which
> is allowed for me.
> So ... well, it seems that LSM doesn't work for a module without modifying the
> kernel source.
>
>
>
> On Thu, Nov 24, 2011 at 12:59 AM, Alexandru Juncu <alex.juncu@rosedu.org>
> wrote:
>>
>> On Wed, Nov 23, 2011 at 6:50 PM, Geraint Yang <geraint0923@gmail.com>
>> wrote:
>> > Hi,
>> > Thank all of you for helping me with my problem!
>> > I don't want to modify my kernel source, so I am trying to learn to use
>> > the LSM
>> > security hooks; even though it seems that they couldn't hook all the system
>> > calls, I think it should be enough for me.
>> > Thanks again!
>>
>> I know that AppArmor can hook syscalls like read, write and memory
>> mapping and can deny or accept them. I am not sure if you can make it
>> do something else when hooked, but I know it has a script-like
>> configuration, so maybe you can take some other actions.
>
>
If you can hook the system calls, you could try KProbes, which is a dynamic
instrumentation facility used in the Linux kernel.
You could use a JProbe to "capture" the function parameters of the
instrumented function.
If you have KProbes in your kernel, you can create a module to
instrument the syscall that you want.
Maybe it can be a starting point for you ...
Other projects that use KProbes are DProbes and SystemTap; you can
also give them a look.
>
> --
> Geraint Yang
> Tsinghua University Department of Computer Science and Technology
>
>
> _______________________________________________
> Kernelnewbies mailing list
> Kernelnewbies at kernelnewbies.org
> http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies
>
>
--
Nuno Martins
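As an added illustration of the KProbes route Nuno describes (this script is not part of the thread and is not code from any of the posters), the following SystemTap script uses the syscall tapset, which SystemTap implements on top of KProbes, to record which process opens which file and to flag opens of one sensitive path. The probe points `syscall.open` / `syscall.openat`, the tapset variables `filename` and `retval`, and the sample path `/etc/shadow` are assumptions of this example; the `?` suffix makes the legacy `syscall.open` probe optional on kernels where `sys_open` no longer exists. Note that the JProbe API mentioned above was removed from the mainline kernel in 4.15, so a module written today would use a plain kprobe `pre_handler` (or SystemTap, as here) to read the arguments.

```systemtap
#!/usr/bin/stap
# Added example, not from the mailing-list thread.
# Count open()/openat() calls per process and report opens of one
# watched file, using KProbes through SystemTap's syscall tapset.
# Run as root:  stap open-audit.stp   (stop with Ctrl-C to get the summary)

global opens                       # opens[execname, pid] -> count
global failed                      # failed[execname, pid] -> count of opens that returned an error
global watched = "/etc/shadow"     # constructed sample path, assumption of this example

# Entry probe: fires before the kernel's open/openat runs, so the
# requested filename is available as the tapset variable `filename`.
probe syscall.open ?, syscall.openat {
    opens[execname(), pid()]++
    if (filename == watched)
        printf("%s[%d] uid=%d opened %s (%s)\n",
               execname(), pid(), uid(), filename, argstr)
}

# Return probe: `retval` is the file descriptor, or a negative errno.
probe syscall.open.return ?, syscall.openat.return {
    if (retval < 0)
        failed[execname(), pid()]++
}

# Summary when the script exits (Ctrl-C): top 20 openers, busiest first.
probe end {
    printf("\n%-20s %8s %8s %8s\n", "COMMAND", "PID", "OPENS", "FAILED")
    foreach ([comm, p] in opens- limit 20)
        printf("%-20s %8d %8d %8d\n", comm, p, opens[comm, p], failed[comm, p])
}
```

The entry probe corresponds to what a JProbe pre-handler gave you in a module (the arguments before the function runs) and the `.return` probe to a kretprobe (the result afterwards); SystemTap only lets you observe and log, which is the right tool for auditing, whereas denying a call is what the LSM hooks discussed earlier in the thread are for.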