Discussion:
[Dazuko-devel] LSM of Dazuko on kernel 2.6.32
errik
2011-02-18 11:03:55 UTC
Hi John,
These days I am trying to find a way to hook execve on the 2.6.32 kernel.

I have tried dazukofs; it works, but with risk, because we can't stop it
after we mount a directory as dazukofs. The only way is to reboot the OS. If
I mount the watched directories as dazukofs, it has some potential impact on my
server.
I also tried redirfs; it only supports open and close hooks and does not support
an execve hook.
In the end I tried to port Dazuko (the LSM way) to kernel 2.6.32. The execve
hook works fine with dazuko-LSM. But after I modified all the security APIs
for 2.6.32, I found that the kernel API register_security is not exported, and
there is even no kernel API unregister_security.

So I hope I can get some suggestions from you:
1. Is it possible that I continue to use LSM on kernel 2.6.32? How can
I do this? It seems kernel developers want to remove LSM from future kernels.

2. Can Dazuko catch execve events with RedirFS on kernel 2.6.32?

Looking forward to your suggestions.

Thanks a lot,
Errik
errik
2011-02-21 12:08:19 UTC
Hi All,
I have found a way to get the event type. I use file_permission to
replace inode_permission for the security hook point and use FMODE_EXEC &
file->f_flags to get the event type.
When sys_execve is called, open_exec will return a struct file *
with file->f_flags set to FMODE_EXEC.

Thanks,
Errik
Post by errik
Hi John,
These days I am trying to find a way to hook execve on the 2.6.32 kernel.
I have tried dazukofs; it works, but with risk, because we can't stop it
after we mount a directory as dazukofs. The only way is to reboot the OS. If
I mount the watched directories as dazukofs, it has some potential impact on my
server.
I also tried redirfs; it only supports open and close hooks and does not support
an execve hook.
In the end I tried to port Dazuko (the LSM way) to kernel 2.6.32. The
execve hook works fine with dazuko-LSM. But after I modified all the security
APIs for 2.6.32, I found that the kernel API register_security is not exported,
and there is even no kernel API unregister_security.
1. Is it possible that I continue to use LSM on kernel 2.6.32? How can
I do this? It seems kernel developers want to remove LSM from future kernels.
2. Can Dazuko catch execve events with RedirFS on kernel 2.6.32?
Looking forward to your suggestions.
Thanks a lot,
Errik
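
The event-type check described in the 2011-02-21 message, as an added user-space model in C (not code from the post or from Dazuko). struct file_model, the event enum, the verdict callback and the sample policy are hypothetical names; the FMODE_EXEC and MAY_* values mirror the 2.6.32 headers.

```c
#include <errno.h>

/* Constants mirrored from Linux 2.6.32 include/linux/fs.h. */
#define FMODE_EXEC 32u   /* file opened for execution (sys_execve / sys_uselib) */
#define MAY_WRITE  2
#define MAY_READ   4

/* Minimal stand-in for the kernel's struct file (model only). */
struct file_model {
    unsigned int f_flags;
    const char  *path;    /* constructed sample data */
};

/* Hypothetical event types for this sketch, not Dazuko's own constants. */
enum event_type { EV_READ, EV_WRITE, EV_EXEC };

/* The test from the post: FMODE_EXEC in f_flags marks a file opened by
 * open_exec(). It is checked before the mask because the kernel reads the
 * binary with MAY_READ, which would otherwise look like an ordinary read. */
enum event_type classify_event(const struct file_model *f, int mask)
{
    if (f->f_flags & FMODE_EXEC)
        return EV_EXEC;
    return (mask & MAY_WRITE) ? EV_WRITE : EV_READ;
}

/* Hypothetical policy callback: nonzero means "allow". */
typedef int (*verdict_fn)(const struct file_model *f, enum event_type ev);

/* Same shape as the LSM file_permission hook: 0 allows, -EPERM denies.
 * The hook runs on every read and write of an open file, so one execve can
 * report EV_EXEC more than once; a module would cache its verdict per file. */
int model_file_permission(const struct file_model *f, int mask, verdict_fn ask)
{
    enum event_type ev = classify_event(f, mask);
    return ask(f, ev) ? 0 : -EPERM;
}

/* Constructed sample policy: deny execution only, allow all data access. */
int deny_exec_only(const struct file_model *f, enum event_type ev)
{
    (void)f;
    return ev != EV_EXEC;
}

int main(void)
{
    struct file_model bin = { FMODE_EXEC, "/bin/ls" };  /* constructed */
    return model_file_permission(&bin, MAY_READ, deny_exec_only) == -EPERM ? 0 : 1;
}
```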