Syscall trouble

Syscall trouble

[Søren Nøhr Christensen]

Hi all!

I have implemented a systemcall against linux-2.6.8.1 using the following 
patches:


--- linux-2.6.8.1-clean/arch/i386/kernel/entry.S        2004-08-14 
12:55:09.000000000 +0200
+++ linux-2.6.8.1/arch/i386/kernel/entry.S      2004-11-30 14:48:36.000000000 
+0100
@@ -887,4 +887,7 @@
        .long sys_mq_getsetattr
        .long sys_ni_syscall            /* reserved for kexec */

+       .long sys_umb_set_child_restrictions

 syscall_table_size=(.-sys_call_table)


--- linux-2.6.8.1-clean/include/asm-i386/unistd.h       2004-08-14 
12:55:35.000000000 +0200
+++ linux-2.6.8.1/include/asm-i386/unistd.h     2004-11-30 14:48:36.000000000 
+0100
@@ -290,8 +290,13 @@
 #define __NR_mq_getsetattr     (__NR_mq_open+5)
 #define __NR_sys_kexec_load    283

-#define NR_syscalls 284
-
+#define __NR_umb_set_child_restrictions       284
+
+#define NR_syscalls 285

 /* user-visible error numbers are in the range -1 - -124: see 
<asm-i386/errno.h> */

 #define __syscall_return(type, res) \


This works like a charm. If i apply this to linux-2.6.9 it does not work 
anymore. The syscall is in kallsyms, but nothing happens when I call it.


Any suggestions?

What am I missing?

//snc


----------------
Søren Nøhr Christensen
Computer Science @ AAU
snc@cs.aau.dk

Re: Syscall trouble

[Chris Wright]

* Søren Nøhr Christensen (snc@cs.aau.dk) wrote:
<snip>
> +#define __NR_umb_set_child_restrictions       284
<snip>

> Any suggestions?

Don't do it this way.  Use /proc/<pid>/attr/ interface if you only want
to handle creating restrictions within a process.  If you're using it to
load your policy, then create a reasonable filesystem interface and do
it that way.  This will be portable across versions and architectures
without allocating any syscalls.

thanks,
-chris
-- 
Linux Security Modules     http://lsm.immunix.org     http://lsm.bkbits.net