LSM of Dazuko on kernel 2.6.32


errik
Hi John,
    These days I am trying to find a way to hook execve on the 2.6.32 kernel.
    I have tried dazukofs; it works, but with risk, because we can't stop it after we mount a directory as dazukofs. The only way is to reboot the OS. If I mount the watched directories to dazukofs, it has some potential impact on my server.
    I also tried redirfs; it only supports open and close hooks and does not support an execve hook.
    In the end I tried to port Dazuko (the LSM way) to kernel 2.6.32. The execve hook works fine with dazuko-LSM. But after I modified all the security APIs for 2.6.32, I found that the kernel API register_security is not exported, and there is not even a kernel API unregister_security.

    So I hope I can get some suggestions from you:
    1. Is it possible that I continue to use LSM on kernel 2.6.32? How can I do this? It seems kernel developers want to remove LSM from future kernels.

    2. Can Dazuko catch execve events with RedirFS on kernel 2.6.32?

    Looking forward to your suggestions.

Thanks a lot,
Errik
 
 
 
   

_______________________________________________
Dazuko-devel mailing list
[hidden email]
http://lists.nongnu.org/mailman/listinfo/dazuko-devel
Re: LSM of Dazuko on kernel 2.6.32

errik
Hi All,
    I have found a way to get the event type. I use file_permission to replace inode_permission for the security hook point and use FMODE_EXEC & file->f_flags to get the event type.
    When a sys_execve is called, the open_exec will return a struct file * with file->f_flags set to FMODE_EXEC.
   
Thanks,
Errik
2011/2/18 errik <[hidden email]>
Hi John,
    These days I am trying to find a way to hook execve on the 2.6.32 kernel.
    I have tried dazukofs; it works, but with risk, because we can't stop it after we mount a directory as dazukofs. The only way is to reboot the OS. If I mount the watched directories to dazukofs, it has some potential impact on my server.
    I also tried redirfs; it only supports open and close hooks and does not support an execve hook.
    In the end I tried to port Dazuko (the LSM way) to kernel 2.6.32. The execve hook works fine with dazuko-LSM. But after I modified all the security APIs for 2.6.32, I found that the kernel API register_security is not exported, and there is not even a kernel API unregister_security.

    So I hope I can get some suggestions from you:
    1. Is it possible that I continue to use LSM on kernel 2.6.32? How can I do this? It seems kernel developers want to remove LSM from future kernels.

    2. Can Dazuko catch execve events with RedirFS on kernel 2.6.32?

    Looking forward to your suggestions.

Thanks a lot,
Errik
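
Added example, not part of the original messages or of Dazuko's code: a userspace C model of the check described in the reply above, where a file_permission-style hook reads FMODE_EXEC from file->f_flags to tell an execve-driven access from an ordinary read. The constant values, the cut-down struct file, the event enum, classify(), sketch_file_permission() and deny_exec are assumptions made for illustration; in a module the definitions would come from <linux/fs.h>.

```c
#include <stdio.h>

/* Userspace stand-ins for kernel definitions (values assumed to match
 * the 2.6.32 headers; a real module takes them from <linux/fs.h>). */
#define MAY_WRITE  2
#define MAY_READ   4
#define FMODE_EXEC 32

struct file { unsigned int f_flags; };  /* only the field the hook reads */

/* Hypothetical event types for this sketch, not Dazuko's own constants. */
enum event { EV_NONE, EV_READ, EV_WRITE, EV_EXEC };

/* Classify an access the way the post describes: a file returned by
 * open_exec() carries FMODE_EXEC in f_flags, so that bit is tested first.
 * The mask alone cannot make the distinction (assumption: the image is
 * read with MAY_READ, like any other read). */
static enum event classify(const struct file *file, int mask)
{
    if (!file)
        return EV_NONE;
    if (file->f_flags & FMODE_EXEC)
        return EV_EXEC;
    if (mask & MAY_WRITE)
        return EV_WRITE;
    if (mask & MAY_READ)
        return EV_READ;
    return EV_NONE;
}

/* Hypothetical policy switch standing in for a scanning daemon's verdict. */
static int deny_exec = 1;

/* Same shape as the LSM file_permission hook: 0 allows, negative denies. */
static int sketch_file_permission(struct file *file, int mask)
{
    if (classify(file, mask) == EV_EXEC && deny_exec)
        return -13;  /* -EACCES */
    return 0;
}

int main(void)
{
    struct file exec_file = { .f_flags = FMODE_EXEC };  /* constructed sample */
    struct file data_file = { .f_flags = 0 };           /* constructed sample */
    printf("exec read: %d\n", sketch_file_permission(&exec_file, MAY_READ));
    printf("data read: %d\n", sketch_file_permission(&data_file, MAY_READ));
    return 0;
}
```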
 
 
 
   

