Hi All,

I have found a way to get the event type. I use file_permission to replace inode_permission for the security hook point and use FMODE_EXEC & file->f_flags to get the event type. When a sys_execve is called, the open_exec will return a struct file * with file->f_flags set to FMODE_EXEC.

Thanks,
Errik

2011/2/18 errik <waitingfor2009ma...@gmail.com>

> Hi John,
>
> These days I am trying to find a way to do an execve hook on the 2.6.32
> kernel.
>
> I have tried dazukofs; it works, but with risk, because we can't stop it
> after we mount a directory as dazukofs. The only way is to reboot the OS. If
> I mount the watched directories as dazukofs, it has some potential impact on
> my server.
>
> I also tried redirfs; it only supports open and close hooks and does not
> support an execve hook.
>
> In the end I tried to port Dazuko (the LSM way) to kernel 2.6.32. The
> execve hook works fine with dazuko-LSM. But after I modified all the security
> APIs for 2.6.32, I found that the kernel API register_security is not
> exported, and there is not even a kernel API unregister_security.
>
> So I hope I can get some suggestions from you:
>
> 1. Is it possible for me to continue to use LSM on kernel 2.6.32? How can
>    I do this? It seems kernel developers want to remove LSM from future
>    kernels.
>
> 2. Can Dazuko catch execve events with RedirFS on kernel 2.6.32?
>
> Looking forward to your suggestions.
>
> Thanks a lot,
> Errik

_______________________________________________
Dazuko-devel mailing list
Dazuko-devel@nongnu.org
http://lists.nongnu.org/mailman/listinfo/dazuko-devel