On Sat, Sep 22, 2012 at 8:08 AM, Kushan Sharma <[email protected]> wrote:
> Hello,
>
> Currently I am developing a "syscall monitoring program using libseccomp".
> When a new syscall is found, libseccomp generates SIGTRAP syscall. It is
> possible to identify the new syscall using the signal-handler given in the
> example (http://outflux.net/teach-seccomp). I am trying to figure out a
> method to pause the execution of the process until the user makes his
> decision to allow/deny the new syscall. If the user allows the execution, the
> execution of the process needs to be resumed. Will it be possible to resume
> the process from where it was trapped due to the SIGTRAP syscall? According
> to my knowledge, when a SIGTRAP signal is generated, the process will be
> terminated with a core dump, and the stack will be flushed.

Unfortunately I don't believe you can do what you are trying to do
with seccomp/libseccomp; I might suggest you look into things like the
"ptrace()" syscall, the "strace" command, and perhaps even the "gdb"
debugger.

> Please kindly suggest a solution to overcome the above issue. Further I
> would highly appreciate if you can direct me to a good C programming resource
> material so that I can program the above task correctly.

I don't have any direct experience with online C programming guides,
but I expect that Google or any other search engine could offer some
suggestions. Also, don't forget that the source for the Linux Kernel,
the libseccomp library, the strace command, and gdb are all available
for viewing; looking at existing code can be a great learning
resource.

Good luck!

--
paul moore
www.paul-moore.com

_______________________________________________
libseccomp-discuss mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/libseccomp-discuss
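
A sketch of the pause/decide/resume loop the question asks for, built on the ptrace() route suggested in the reply. It is an added example, not code from this thread or from libseccomp. It assumes Linux on x86-64; run_traced, probe and the two policies are hypothetical names, and a denied call is skipped so that it fails with ENOSYS.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <sys/ptrace.h>
#include <sys/syscall.h>
#include <sys/user.h>
#include <sys/wait.h>
#include <unistd.h>

/* Constructed policies (1 = allow, 0 = deny) and tracee body; all names are hypothetical. */
int allow_all(long nr)    { (void)nr; return 1; }
int deny_getppid(long nr) { return nr != SYS_getppid; }
int probe(void) { return syscall(SYS_getppid) == -1 && errno == ENOSYS ? 42 : 0; }

/* Run body() in a traced child. The child stays stopped at every syscall entry
 * while policy() decides (it could prompt a user). Returns the exit code or -1. */
int run_traced(int (*body)(void), int (*policy)(long))
{
    int status, entering = 1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        if (ptrace(PTRACE_TRACEME, 0, NULL, NULL) < 0) _exit(127);
        raise(SIGSTOP);                 /* wait for the tracer to take over */
        _exit(body());
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFSTOPPED(status)) return -1;
    ptrace(PTRACE_SETOPTIONS, pid, NULL, (void *)(long)(PTRACE_O_TRACESYSGOOD | PTRACE_O_EXITKILL));
    for (long sig = 0;;) {
        if (ptrace(PTRACE_SYSCALL, pid, NULL, (void *)sig) < 0) return -1;
        if (waitpid(pid, &status, 0) < 0 || WIFSIGNALED(status)) return -1;
        if (WIFEXITED(status)) return WEXITSTATUS(status);
        sig = WSTOPSIG(status);
        if (sig != (SIGTRAP | 0x80)) continue;  /* ordinary signal: forward on resume */
        sig = 0;
        struct user_regs_struct regs;
        if (entering && ptrace(PTRACE_GETREGS, pid, NULL, &regs) == 0 && !policy((long)regs.orig_rax)) {
            regs.orig_rax = -1;         /* invalid number: kernel skips the call, returns -ENOSYS */
            ptrace(PTRACE_SETREGS, pid, NULL, &regs);
        }
        entering = !entering;           /* stops alternate: entry, exit, entry, ... */
    }
}

int main(void)
{
    printf("allow: %d, deny getppid: %d\n", run_traced(probe, allow_all), run_traced(probe, deny_getppid));
    return 0;
}
```

The tracee does not run between the syscall-entry stop and the next PTRACE_SYSCALL, so the policy callback can take as long as it needs, including waiting on user input.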
