From: Gaurav Saxena
Subject: Intercepting system calls
Date: Sat, 24 Dec 2011 14:39:36 +0530
To: linux-fsdevel@vger.kernel.org

Hello all,

I am writing an application which would create a backup for the system so that it could be restored as it is. For example, I create a backup using my application. I just do nothing at the time of backup so it would be fast. Now whenever I see any deletion I would save that file so that I could restore it. Also I would like to watch for modification/rename.

I cannot do this using inotify as I would be notified after the actual deletion/write. I don't want to use SELinux because I want to implement this on an existing installed system.

I was earlier thinking of replacing the system calls for open/unlink with my custom calls, which will call my functions before the actual work, and then I would decide what to do. I would also want to reject unlink requests for some of the files. But as I now know, it's not working in linux>3.0. I had also seen dazuko, which is not supporting linux>3.0 yet. Also there used to be a redirfs which used to work earlier, but the latest kernel is not supported yet.

I think a method could be to replace unlink in the syscall table with my unlink function, but I don't find any good method of doing that, as the syscall table is no longer exported. I would like to implement this in a kernel module instead of modifying the kernel code itself. Please suggest some method of doing that.

Thanks to you all for your help.

--
Thanks and Regards,
Gaurav