2004-11-30 13:56:13

by Søren Nøhr Christensen

Subject: Syscall trouble

Hi all!

I have implemented a system call against linux-2.6.8.1 using the following
patches:


--- linux-2.6.8.1-clean/arch/i386/kernel/entry.S 2004-08-14
12:55:09.000000000 +0200
+++ linux-2.6.8.1/arch/i386/kernel/entry.S 2004-11-30 14:48:36.000000000
+0100
@@ -887,4 +887,7 @@
.long sys_mq_getsetattr
.long sys_ni_syscall /* reserved for kexec */

+ .long sys_umb_set_child_restrictions

syscall_table_size=(.-sys_call_table)
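
Review bot: The added ".long sys_umb_set_child_restrictions" line gets its syscall number purely from its position in sys_call_table, and nothing on the line records that it is meant to be entry 284. Since the hunk anchors only on the neighbouring table entries, it may still apply with fuzz or after a manual merge to a tree whose table has grown, and then the index of this entry and __NR_umb_set_child_restrictions disagree, so the call reaches a different handler. Add a trailing comment with the number, e.g. /* 284 */, and recount the table against NR_syscalls whenever the patch is carried to another tree.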


--- linux-2.6.8.1-clean/include/asm-i386/unistd.h 2004-08-14
12:55:35.000000000 +0200
+++ linux-2.6.8.1/include/asm-i386/unistd.h 2004-11-30 14:48:36.000000000
+0100
@@ -290,8 +290,13 @@
#define __NR_mq_getsetattr (__NR_mq_open+5)
#define __NR_sys_kexec_load 283

-#define NR_syscalls 284
-
+#define __NR_umb_set_child_restrictions 284
+
+#define NR_syscalls 285

/* user-visible error numbers are in the range -1 - -124: see
<asm-i386/errno.h> */

#define __syscall_return(type, res) \
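
Review bot: __NR_umb_set_child_restrictions is hard-coded to 284 and NR_syscalls to 285, which is only right while 283 (__NR_sys_kexec_load) is the last number assigned in the tree being patched. On a tree that already defines 284, this hunk would create a duplicate number or leave NR_syscalls too small, so check the highest existing __NR_ value before applying and renumber both defines to match. The hunk also adds no comment saying what the call does or which arguments it takes; a one-line comment above the define would help anyone who has to rebase it.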


This works like a charm. If I apply this to linux-2.6.9 it does not work
anymore. The syscall is in kallsyms, but nothing happens when I call it.


Any suggestions?

What am I missing?

//snc


----------------
Søren Nøhr Christensen
Computer Science @ AAU
[email protected]


2004-11-30 21:03:53

by Chris Wright

Subject: Re: Syscall trouble

* Søren Nøhr Christensen ([email protected]) wrote:
<snip>
> +#define __NR_umb_set_child_restrictions 284
<snip>

> Any suggestions?

Don't do it this way. Use /proc/<pid>/attr/ interface if you only want
to handle creating restrictions within a process. If you're using it to
load your policy, then create a reasonable filesystem interface and do
it that way. This will be portable across versions and architectures
without allocating any syscalls.

thanks,
-chris
--
Linux Security Modules http://lsm.immunix.org http://lsm.bkbits.net