So what you want to do is get notification of new file creations ?
> sys_call_table[__NR_open]. We did realize that this is a bad idea if a
> user loads another module doing the same, and then unloads in the wrong
> order. And also that this is not a very pretty method. But it worked.
Its also useless because I can switch paths around under your analyser
and fool you into missing things. Wrappers dont work, its also why snare
is so limited in value for example.
There are interfaces for monitoring directories for new file creations -
using things like dnotify from user space. They may be sufficient, but
if not the right question is "how do we make a real solution work" not
how do we hack half working tricks into syscall entry points.
> compile a new kernel. Is there some API for wrapping system calls which
> I am unaware of, or are there plans to provide one?
In general there isnt, nor should there need to be.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/