Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id ; Mon, 21 Oct 2002 14:22:15 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id ; Mon, 21 Oct 2002 14:22:15 -0400 Received: from nameservices.net ([208.234.25.16]:51453 "EHLO opersys.com") by vger.kernel.org with ESMTP id ; Mon, 21 Oct 2002 14:22:14 -0400 Message-ID: <3DB4487C.F6355C59@opersys.com> Date: Mon, 21 Oct 2002 14:33:32 -0400 From: Karim Yaghmour Reply-To: karim@opersys.com Organization: Opersys inc. X-Mailer: Mozilla 4.79 [en] (X11; U; Linux 2.4.19 i686) X-Accept-Language: en MIME-Version: 1.0 To: Miquel van Smoorenburg CC: linux-kernel@vger.kernel.org, Jacques Gelinas Subject: Re: System call wrapping References: <1035222121.1063.20.camel@pc177> Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1400 Lines: 35 Miquel van Smoorenburg wrote: > In article <1035222121.1063.20.camel@pc177>, > Henr? ??r Baldursson wrote: > >In our Windows product we have something called "Realtime protector" > >which monitors file access on Windows running machines and scans them > >before allowing access. > > > >We now want, due to customer demand, to supply our Linux users with > >similar functionality, and we've created a 2.4.x kernel module which > >wrapped the open system call by means of overwriting > >sys_call_table[__NR_open]. > > What is wrong with a preloaded library (by means of /etc/ld.so.preload) > that intercepts open at the library level (and calls the real open() > using RLTD_NEXT) ? Just let it talk over a unix socket to your > scanner server. Jacques Gelinas already has something that does precisely that: http://www.solucorp.qc.ca/virtualfs/ I don't know if it's still being updated, but the ideas are all there. Karim =================================================== Karim Yaghmour karim@opersys.com Embedded and Real-Time Linux Expert =================================================== - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/