From mboxrd@z Thu Jan 1 00:00:00 1970 From: Rajat Sharma Subject: Re: Intercepting system calls Date: Mon, 26 Dec 2011 11:23:30 +0530 Message-ID: References: Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: QUOTED-PRINTABLE Cc: linux-fsdevel@vger.kernel.org To: Gaurav Saxena Return-path: Received: from mail-qy0-f174.google.com ([209.85.216.174]:47893 "EHLO mail-qy0-f174.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750720Ab1LZFxd convert rfc822-to-8bit (ORCPT ); Mon, 26 Dec 2011 00:53:33 -0500 Received: by qcqz2 with SMTP id z2so6450662qcq.19 for ; Sun, 25 Dec 2011 21:53:32 -0800 (PST) In-Reply-To: Sender: linux-fsdevel-owner@vger.kernel.org List-ID: Hi Gaurav, I would suggest to take a wrapfs source (a null stackable file-system) and customize it for your need. Well Erez (wrapfs author) puts his continuous efforts in stabilizing wrapfs and porting to new kernels and he is approachable too. In-fact he has acknowledged on of my patch and merged it into wrapfs tree. Agreed that you can do stuffs like patching system call table but I (and most of us here) would categorize that as pure hack, as there exist no framework provided by kernel to do that. Also any approach you take to patch system call table won't be stable. Thanks, Rajat On Sat, Dec 24, 2011 at 2:39 PM, Gaurav Saxena = wrote: > Hello all, > > I am writing an application which would create a backup for the syste= m > so that it could be restored as it is. For example I create a backup > using my application. I just do nothing at time of backup so it would > be fast. Now whenever I see any deletion I would save that file so > that I could restore it. Also I would like to see for > modification/rename. I cannot do this using inotify as I would be > notified after actual deletion/write. I don't want to use SELinux > because I want to implement this on existing installed system. I was > earlier thinking of replacing system calls for open/unlink with my > custom calls which will call my functions before actual work and then > I would decide what to do I would also want to reject unlink request > for some of the files. But as I now know that its not working in > linux>3.0 . I had also seen dazuko which is not supporting linux>3.0 > yet. Also there used to be a redirfs which used to work earlier but > the latest kernel is not supported yet. I think a method could be to > replace unlink in syscall table with my unlink function but I don't > find any good method of doing that, as syscall table is no longer > exported. I would like to implement this in a kernel module instead o= f > modifying kernel code itself. Please suggest some method of doing > that. > Thanks to you all for your help. > > -- > Thanks and Regards , > Gaurav > -- > To unsubscribe from this list: send the line "unsubscribe linux-fsdev= el" in > the body of a message to majordomo@vger.kernel.org > More majordomo info at =A0http://vger.kernel.org/majordomo-info.html -- To unsubscribe from this list: send the line "unsubscribe linux-fsdevel= " in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html