Well, you could use security_ops->task_ops->set_label(filename) to do the
check. If this function returns nonzero, execve will return with that value.

-serge

Quoting Chris Wright (chrisat_private):
> * Chris Lundberg (clundberat_private) wrote:
> > What is the best way to monitor calls to execve using the lsm? We are
> > trying to monitor, and perhaps conditionally prevent, program execution.
>
> Calls to sys_execve are not monitored by lsm. Right now, the way to care if
> a process can exec a program is via the security_ops->inode_ops->permission()
> call and checking for MAY_EXEC. (Note: the permission() call always calls
> the security_ops->inode_ops->permission() function before doing anything
> else).
>
> sys_execve is arch dependent, and it calls the non-arch dependent function
> fs/exec.c:do_execve() which in fairly short order calls permission().
>
> A few other checks happen a little later, but that ought to get you started.
>
> -chris
>
> _______________________________________________
> linux-security-module mailing list
> linux-security-moduleat_private
> http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Fri May 25 2001 - 10:47:31 PDT