Kernel hook for open

Kernel hook for open

[Catalin BOIE]

Hi, guys!

I wish to know if there is something like a kernel hook for open function.
I want to monitor a file (someting like watchdog on Solaris) and to read
from my own process (module?) and from the file.

I tried with LD_SO_PRELOAD but it haven't any effect on the so libraries.
For example:
If I use function getpwent (that is in a so library) and my home
made .so library that overwrite "open" function and is in
/etc/ld.so.preload file it doesn't work.
Of course, if I use open ("/etc/hosts") the so library execute my
function. 

If it doesn't exist will be nice to have something like this.

Thanks in advance!

---
Catalin(ux) BOIE
catab@deuroconsult.ro
A new Linux distribution: http://l13plus.deuroconsult.ro
http://www2.deuroconsult.ro/~catab

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
Please read the FAQ at http://www.tux.org/lkml/

Re: Kernel hook for open

[Erik Mouw]

On Mon, Nov 06, 2000 at 03:55:41PM +0200, Catalin BOIE wrote:
> I wish to know if there is something like a kernel hook for open function.
> I want to monitor a file (someting like watchdog on Solaris) and to read
> from my own process (module?) and from the file.

I don't know what watchdog is, but maybe strace is what you want (man
strace for more info).

> I tried with LD_SO_PRELOAD but it haven't any effect on the so libraries.
> For example:
> If I use function getpwent (that is in a so library) and my home
> made .so library that overwrite "open" function and is in
> /etc/ld.so.preload file it doesn't work.
> Of course, if I use open ("/etc/hosts") the so library execute my
> function. 

Use LD_PRELOAD instead.


Erik

-- 
J.A.K. (Erik) Mouw, Information and Communication Theory Group, Department
of Electrical Engineering, Faculty of Information Technology and Systems,
Delft University of Technology, PO BOX 5031,  2600 GA Delft, The Netherlands
Phone: +31-15-2783635  Fax: +31-15-2781843  Email: J.A.K.Mouw@its.tudelft.nl
WWW: http://www-ict.its.tudelft.nl/~erik/
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
Please read the FAQ at http://www.tux.org/lkml/

Re: Kernel hook for open

[Michael Vines]

On Mon, 6 Nov 2000, Erik Mouw wrote:

> On Mon, Nov 06, 2000 at 03:55:41PM +0200, Catalin BOIE wrote:
> > I wish to know if there is something like a kernel hook for open function.
> > I want to monitor a file (someting like watchdog on Solaris) and to read
> > from my own process (module?) and from the file.
> 
> I don't know what watchdog is, but maybe strace is what you want (man
> strace for more info).
> 
> > I tried with LD_SO_PRELOAD but it haven't any effect on the so libraries.
> > For example:
> > If I use function getpwent (that is in a so library) and my home
> > made .so library that overwrite "open" function and is in
> > /etc/ld.so.preload file it doesn't work.
> > Of course, if I use open ("/etc/hosts") the so library execute my
> > function. 
> 
> Use LD_PRELOAD instead.

You could also write a simple kernel module that replaces the open system
call.  See the Linux Kernel Module Programming Guide for details. 
http://www.linuxdoc.org/guides.html

specifically http://www.linuxdoc.org/LDP/lkmpg/node20.html

        Michael
       

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
Please read the FAQ at http://www.tux.org/lkml/

Re: Kernel hook for open

[Erik Mouw]

On Mon, Nov 06, 2000 at 10:11:11AM -0500, Michael Vines wrote:
> On Mon, 6 Nov 2000, Erik Mouw wrote:
> > Use LD_PRELOAD instead.
> 
> You could also write a simple kernel module that replaces the open system
> call.  See the Linux Kernel Module Programming Guide for details. 
> http://www.linuxdoc.org/guides.html
> 
> specifically http://www.linuxdoc.org/LDP/lkmpg/node20.html

Why difficult when it can be done easy? To test the Y2K readiness of
some programs (yeah, Y2K, remember?), I wrote a small library that
overloaded the time() and gettimeofday() syscalls in about 100 lines of
code. No kernel modules needed, no root privileges needed, just set the
environment variable LD_PRELOAD and off you go.


Erik

-- 
J.A.K. (Erik) Mouw, Information and Communication Theory Group, Department
of Electrical Engineering, Faculty of Information Technology and Systems,
Delft University of Technology, PO BOX 5031,  2600 GA Delft, The Netherlands
Phone: +31-15-2783635  Fax: +31-15-2781843  Email: J.A.K.Mouw@its.tudelft.nl
WWW: http://www-ict.its.tudelft.nl/~erik/
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
Please read the FAQ at http://www.tux.org/lkml/

Re: Kernel hook for open

[Michael Vines]

On Mon, 6 Nov 2000, Erik Mouw wrote:

> On Mon, Nov 06, 2000 at 10:11:11AM -0500, Michael Vines wrote:
> > On Mon, 6 Nov 2000, Erik Mouw wrote:
> > > Use LD_PRELOAD instead.
> > 
> > You could also write a simple kernel module that replaces the open system
> > call.  See the Linux Kernel Module Programming Guide for details. 
> > http://www.linuxdoc.org/guides.html
> > 
> > specifically http://www.linuxdoc.org/LDP/lkmpg/node20.html
> 
> Why difficult when it can be done easy? To test the Y2K readiness of
> some programs (yeah, Y2K, remember?), I wrote a small library that
> overloaded the time() and gettimeofday() syscalls in about 100 lines of
> code.  No kernel modules needed, no root privileges needed, just set the
> environment variable LD_PRELOAD and off you go.

Well the question was posted to the kernel mailing list and not the glibc
mailing list after all :)

	Michael

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
Please read the FAQ at http://www.tux.org/lkml/

Re: Kernel hook for open

[Catalin BOIE]

On Mon, 6 Nov 2000, Erik Mouw wrote:

> On Mon, Nov 06, 2000 at 10:11:11AM -0500, Michael Vines wrote:
> > On Mon, 6 Nov 2000, Erik Mouw wrote:
> > > Use LD_PRELOAD instead.
> > 
> > You could also write a simple kernel module that replaces the open system
> > call.  See the Linux Kernel Module Programming Guide for details. 
> > http://www.linuxdoc.org/guides.html
> > 
> > specifically http://www.linuxdoc.org/LDP/lkmpg/node20.html
> 
> Why difficult when it can be done easy? To test the Y2K readiness of
> some programs (yeah, Y2K, remember?), I wrote a small library that
> overloaded the time() and gettimeofday() syscalls in about 100 lines of
> code. No kernel modules needed, no root privileges needed, just set the
> environment variable LD_PRELOAD and off you go.

I did this but it doesn't catch the getpwent (that use open)!
On strace it apears but my function is not called (I think it's called the
one from the library).

> 
> 
> Erik
> 
> -- 
> J.A.K. (Erik) Mouw, Information and Communication Theory Group, Department
> of Electrical Engineering, Faculty of Information Technology and Systems,
> Delft University of Technology, PO BOX 5031,  2600 GA Delft, The Netherlands
> Phone: +31-15-2783635  Fax: +31-15-2781843  Email: J.A.K.Mouw@its.tudelft.nl
> WWW: http://www-ict.its.tudelft.nl/~erik/
> 

---
Catalin(ux) BOIE
catab@deuroconsult.ro
A new Linux distribution: http://l13plus.deuroconsult.ro
http://www2.deuroconsult.ro/~catab

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
Please read the FAQ at http://www.tux.org/lkml/

Re: Kernel hook for open

[Catalin BOIE]

On Mon, 6 Nov 2000, Michael Vines wrote:

> On Mon, 6 Nov 2000, Erik Mouw wrote:
> 
> > On Mon, Nov 06, 2000 at 10:11:11AM -0500, Michael Vines wrote:
> > > On Mon, 6 Nov 2000, Erik Mouw wrote:
> > > > Use LD_PRELOAD instead.
> > > 
> > > You could also write a simple kernel module that replaces the open system
> > > call.  See the Linux Kernel Module Programming Guide for details. 
> > > http://www.linuxdoc.org/guides.html
> > > 
> > > specifically http://www.linuxdoc.org/LDP/lkmpg/node20.html
> > 
> > Why difficult when it can be done easy? To test the Y2K readiness of
> > some programs (yeah, Y2K, remember?), I wrote a small library that
> > overloaded the time() and gettimeofday() syscalls in about 100 lines of
> > code.  No kernel modules needed, no root privileges needed, just set the
> > environment variable LD_PRELOAD and off you go.
> 
> Well the question was posted to the kernel mailing list and not the glibc
> mailing list after all :)
> 
> 	Michael
> 

Yes, you are right. It was my fault. I should have send my mail to both
kernel and glibc list.

I just want to intercept open call. That's all. I don't care much if I
must do a kernel module or I use PRELOAD. Probably is better to use
LD_PRELOAD.

Thank you all for your kindly help! You are great! All of you! Thanks!

---
Catalin(ux) BOIE
catab@deuroconsult.ro
A new Linux distribution: http://l13plus.deuroconsult.ro
http://www2.deuroconsult.ro/~catab

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
Please read the FAQ at http://www.tux.org/lkml/

Re: Kernel hook for open

[Tigran Aivazian]

On Mon, 6 Nov 2000, Erik Mouw wrote:

> On Mon, Nov 06, 2000 at 10:11:11AM -0500, Michael Vines wrote:
> > On Mon, 6 Nov 2000, Erik Mouw wrote:
> > > Use LD_PRELOAD instead.
> > 
> > You could also write a simple kernel module that replaces the open system
> > call.  See the Linux Kernel Module Programming Guide for details. 
> > http://www.linuxdoc.org/guides.html
> > 
> > specifically http://www.linuxdoc.org/LDP/lkmpg/node20.html
> 
> Why difficult when it can be done easy? To test the Y2K readiness of
> some programs (yeah, Y2K, remember?), I wrote a small library that
> overloaded the time() and gettimeofday() syscalls in about 100 lines of
> code. No kernel modules needed, no root privileges needed, just set the
> environment variable LD_PRELOAD and off you go.

To test Y2k readiness of programs one simply can use my timetravel kernel
module. No, doing things in userspace is far more complex and less
reliable and also simply not good enough (because doesn't cover the case
of statically-linked binaries):

http://www.ocston.org/~tigran/tt/tt.html

Regards,
Tigran

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
Please read the FAQ at http://www.tux.org/lkml/

Re: Kernel hook for open

[Tigran Aivazian]

On Tue, 7 Nov 2000, Tigran Aivazian wrote:
> To test Y2k readiness of programs one simply can use my timetravel kernel
> module. No, doing things in userspace is far more complex and less
> reliable and also simply not good enough (because doesn't cover the case
  ~~~~~~~~

yes, yes, I am aware of the infamous "race in rmmod in blocked syscalls
replaced by a module" problem. But now that y2k is long gone why should I
fix it? :) (it is trivial to fix with MOD_INC/DEC_USE_COUNT anyway).


> of statically-linked binaries):
> 
> http://www.ocston.org/~tigran/tt/tt.html
> 
> Regards,
> Tigran
> 
> 

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
Please read the FAQ at http://www.tux.org/lkml/