Re: Intercepting system calls

From: Rajat Sharma <fs.rajat@gmail.com>
To: rohan puri <rohan.puri15@gmail.com>
Cc: Gaurav Saxena <grvsaxena419@gmail.com>, linux-fsdevel@vger.kernel.org
Subject: Re: Intercepting system calls
Date: Thu, 29 Dec 2011 18:42:59 +0530	[thread overview]
Message-ID: <CAAYFAvqJmwwkq1RP9U7atef3JK6OFu26qG9pBRQTpn3UuDqNdw@mail.gmail.com> (raw)
In-Reply-To: <CALJfu6NrF2fjsWUi4gnV9X6AN3rcecL=6=j9ZZADaRGwz3mECw@mail.gmail.com>

You could probably trim down ecryptfs and customize it as per your
need. It has advantage of being in mainline. Just remove encryption
part of it. I wish if Linux provided a framework to do the same.

-Rajat

On Thu, Dec 29, 2011 at 6:37 PM, rohan puri <rohan.puri15@gmail.com> wrote:
>
>
> On Thu, Dec 29, 2011 at 6:02 PM, Gaurav Saxena <grvsaxena419@gmail.com>
> wrote:
>>
>> On 12/29/11, Rajat Sharma <fs.rajat@gmail.com> wrote:
>> > well ecryptfs which ships with mainline linux kernel is based upon
>> > stackable approach (wrapfs), do you call it hack? :)
>> Ok. I will try to use wrapfs but it seems its quite old and inactive
>> too. I would have to write a new filesystem extending wrapfs it seems.
>> I would work upon it and ask for help when I get problems. :)
>> Thanks a lot for helping me.
>> >
>> > On Thu, Dec 29, 2011 at 5:36 PM, Gaurav Saxena <grvsaxena419@gmail.com>
>> > wrote:
>> >> On 12/29/11, Rajat Sharma <fs.rajat@gmail.com> wrote:
>> >>> Well kprobe is:
>> >>>
>> >>> 1. meant to instrument debugging while developing
>> >>> 2. Is configured with kernel configuration parameters which you can
>> >>> not guarantee to be configured on deployment site.
>> >>> 3. slower as it works with debugger break point instruction and single
>> >>> stepping mode.
>> >>> 4. probing into an instruction and altering behavior might not scale
>> >>> across kernel version and interface changes.
>> >>>
>> >>> But yes, you can technically capture any kernel instruction's virtual
>> >>> address and probe into it. Building solution on top of such
>> >>> instrumentation -- HACK!! :)
>> >> Ok Thanks. I see it will be real slow then as its only a debugging
>> >> mechanism, I also found a hack which uses a kprobe based approach and
>> >> adds a jump code to beginning of system calls. Yes I agree with you ,
>> >> I don't want hack which needs to be changed with kernel versions or
>> >> depends on configuration of kernel.
>> >> I will give a try to wrapfs today. :) Is it too a hack ?
>> >>>
>> >>> Did you try looking for LSM as well?
>> >> LSM projects like SELinux ? Actually they need kernel rebuild/
>> >> reinstall thus I would try not to go for such options.
>> >>>
>> >>> -Rajat
>> >>>
>> >>
>> >> --
>> >> Thanks and Regards ,
>> >> Gaurav
>> >
>>
>>
>> --
>> Thanks and Regards ,
>> Gaurav
>> --
>> To unsubscribe from this list: send the line "unsubscribe linux-fsdevel"
>> in
>> the body of a message to majordomo@vger.kernel.org
>> More majordomo info at  http://vger.kernel.org/majordomo-info.html
>
>
> Just to let you know, you can make use of
> http://gauravnaigaonkar.web.officelive.com/Documents/hw2.txt as a reference
> on how to write a stackable file system. This is for linux kernel version
> 2.6.26
>
> Regards,
> Rohan Puri
--
To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html