Sounds like your experience was very much the same as our experience adding support for Janus into the Linux kernel (right down to adding hooks at the same two locations for processes exiting!). I'll comment below on just a few very minor differences I saw from your note.

Douglas Kilpatrick wrote:
>Yep. Execve is a pretty straightforward example though... As long as
>you are trying to augment the system call and not replace it, the
>argument decoding you do is pretty straightforward.

Did you implement this in the kernel on Linux? How did you deal with the fact that the implementation of sys_execve() reads from its caller's stack frame? Due to this issue, I found that just putting a wrapper around sys_execve() doesn't work, and I essentially had to cut-and-paste code from arch/i386/kernel/process.c. Do you have a better solution?

>For a worse example, look at the network syscall (socketcall(2)). Lots
>of painful copying and bit banging that the real syscall will just
>do again later.

Yeah, no kidding.

>We also frequently found ourselves wanting to make decisions based on
>what a given file descriptor referred to.

Can you give any examples? In Janus, we pushed all these checks to open(), but are there some important cases where you can't do this?

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:15:27 PDT