System call wrapping

["Henrý Þór Baldursson" <henry@f-prot.com>]

[-- Attachment #1: Type: text/plain, Size: 1462 bytes --]


Dear sirs, 
I work for FRISK Software International. We are an Antivirus company.
Our product is the F-Prot Antivirus scanner. 

We have started to port our application to the Linux platform in an
effort to provide system administrators with means to scan the content
they supply their workstations with via Linux servers. 
In our Windows product we have something called "Realtime protector"
which monitors file access on Windows running machines and scans them
before allowing access. 

We now want, due to customer demand, to supply our Linux users with
similar functionality, and we've created a 2.4.x kernel module which
wrapped the open system call by means of overwriting
sys_call_table[__NR_open]. We did realize that this is a bad idea if a
user loads another module doing the same, and then unloads in the wrong
order. And also that this is not a very pretty method. But it worked. 

Apparently, this is something you kernel hackers don't approve of, since
you've recently removed EXPORT_SYMBOL(sys_call_table) from
kernel/ksyms.c - so my question is whether there is some other preferred
method for accomplishing this without forcing the user to patch and 
compile a new kernel.  Is there some API for wrapping system calls which
I am unaware of, or are there plans to provide one? 

Best regards, 

Henrý Þór Baldursson, Linux Developer 
FRISK Software International 
http://www.f-prot.com
http://aves.f-prot.com



[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 189 bytes --]