building af_packet as a kernel module

2017-06-29 Thread Kevin Wilson
Hello,
I have tried to set CONFIG_PACKET=m in kernel 4.11 and rebuilt the
kernel and rebooted.
I am using Ubuntu 16.04.

After reboot, the af_packet.ko kernel module is loaded:
lsmod
shows:
af_packet  45056  2

But I cannot remove it:
rmmod af_packet
rmmod: ERROR: Module af_packet is in use

I want to be able to rmmod it, for adding debug printing, etc.

How can I find which applications use it? (So I will be able to stop
them, rmmod af_packet, and then insmod it again.)


Regards,
Kevin

___
Kernelnewbies mailing list
Kernelnewbies@kernelnewbies.org
https://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies


Re: Keeping track of called syscalls in real-time

2017-06-29 Thread Ben Mezger
> This sounds like an LSM, possibly with a component which communicates
> with userspace, depending on how sophisticated "verify" needs to be.

Yes, the component *should* communicate with the userspace. The
sophistication of "verify" varies from user to user. The tool will
provide a few procedures to, say, verify integrity and log call. But
"verify" was a plain example, where my point was that the user could
extend/add these procedures for their own needs.

VisorFlow sounds interesting. I've seen the paper is on submission. When
will it be published?

On 06/28/2017 09:49 PM, W. Michael Petullo wrote:
>> Whenever fopen("/etc/shadow", "r") is called, the tool would intercept
>> it, run the verify() procedure, and return back to the syscall, allowing
>> it to do its job.
> 
> This sounds like an LSM, possibly with a component which communicates
> with userspace, depending on how sophisticated "verify" needs to be.
> 
> We've also done some very early work in trying to do this type of thing
> from a hypervisor. See:
> 
>   https://www.flyn.org/projects/VisorFlow/
> 

-- 
- seds
~> https://seds.nl
