On Mon, 6 Dec 2004, Chris Wright wrote: > * Adrian Drzewiecki (z@private) wrote: > > Goal: let LSMs define custom syscall auditing. > > > > The patch below introduces a new LSM hook security_audit_syscall. > > It is meant to be called from ptrace.c:do_syscall_trace(). Architectures > > which choose to use this hook should move the syscall audit code > > out of do_syscall_trace() into audit_syscall() and > > define ARCH_HAVE_AUDIT_SYSCALL. See i386 and UM arch patches for details. > > Adrian, I don't quite understand the need for this patch. Could you > supply some more details? > > thanks, > -chris Chris, For me the need for this patch was an LSM that I was working on which wanted to keep track of the system calls that a task called. This was the cleanest way for me do this. The idea cam from Andrea Arcangeli's "secure computing" patch. If this LSM hook were in place, his patch could be implemented as a simple security module instead. So security_audit_syscall() could be used to prevent a process from making certain system calls -- creating a simple sandbox. -- Adrian Drzewiecki
This archive was generated by hypermail 2.1.3 : Tue Dec 07 2004 - 10:39:48 PST