Hi Mark,

I think the best way to get started is 1) to create the module base, i.e. a kernel module that registers itself with the LSM framework and just prints out that it has been initialized. I think the easiest way to compile the module is to add it to the Makefile and Kconfig files in the linux/security directory.

Then 2) you need to figure out which hooks you need to implement - the only way to do that (afaik) is looking in the security.h file of the kernel version you use.

If you want a practical example, take a look at Umbrella (umbrella.sf.net). The 0.7 tarball includes both the structure for a security module (umbrella.c) and some scripts for merging your code into a Linux tree.

Best regards, Kristian.

--
Kristian Sørensen, Linnovative

On Thu, October 27, 2005 10:46 pm, Mark Bainter wrote:
> I'm looking to write a fairly simple (at least at first) module that I can
> use to just log all of the commands root executes on a machine. I think LSM
> is probably the best way to handle this from what I've read so far, but I'm
> having trouble getting started.
>
> I've been reviewing the general linux kernel module documentation already.
> I've done some work there before, though mostly in patches. The root plug
> module is interesting...but the code doesn't (at least at first blush) seem
> to reflect the current code. Is it more up to date than it seems to my
> untrained eyes?
>
> I'm curious if there are some other examples out there that I can look at?
> Preferably something simpler to get into than say SELinux. Or is there some
> documentation I can read? I looked over the documentation at immunix.org,
> but it is mostly an overview and then a list of functions. Valuable and
> appreciated to be sure, but I was hoping for a bit more detail on the
> concepts and such.
>
> Thanks
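A helper for step 2 of the reply above, added here as an example and not part of the original thread or of Umbrella: it lists the hook names declared in `struct security_operations` of a given security.h, optionally filtered by prefix. The names `list_hooks` and `sample_header` are hypothetical, the embedded header excerpt is constructed, and the `bprm_` filter in the usage comment assumes the exec-related hooks are the ones of interest for logging commands.

```shell
#!/bin/sh
# list_hooks FILE [PREFIX]
# Print the name of every function-pointer member declared inside
# "struct security_operations { ... };" in FILE, one per line.
# With PREFIX, print only the hooks whose name starts with it.
list_hooks() {
    awk -v prefix="${2:-}" '
        # Enter the struct body on its opening line.
        /^struct security_operations[ \t]*[{]/ { in_ops = 1; next }
        # Leave it at the closing brace in column 0.
        in_ops && /^[}];/ { in_ops = 0 }
        # A hook looks like "int (*name) (args...);". Continuation
        # lines of a wrapped argument list carry no "(*name)" and
        # are skipped.
        in_ops && match($0, /\(\*[ \t]*[A-Za-z_][A-Za-z0-9_]*\)/) {
            name = substr($0, RSTART, RLENGTH)
            gsub(/[^A-Za-z0-9_]/, "", name)   # strip "(", "*", ")"
            if (prefix == "" || index(name, prefix) == 1) print name
        }
    ' "$1"
}

# Constructed excerpt in the style of a 2.6-era include/linux/security.h.
# It is sample input only; point list_hooks at the header of the tree
# you actually build against.
sample_header() {
    cat <<'EOF'
struct security_operations {
	int (*ptrace) (struct task_struct * parent, struct task_struct * child);
	int (*bprm_alloc_security) (struct linux_binprm * bprm);
	void (*bprm_free_security) (struct linux_binprm * bprm);
	int (*bprm_set_security) (struct linux_binprm * bprm);
	int (*bprm_check_security) (struct linux_binprm * bprm);
	int (*inode_permission) (struct inode *inode, int mask,
				 struct nameidata *nd);
	int (*task_create) (unsigned long clone_flags);
};
EOF
}

# Usage (assumed path inside a kernel tree):
#   list_hooks include/linux/security.h bprm_
```

Run against the real header, the output is the set of members a module can fill in; the header's own comments above the struct describe when each hook is called.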
This archive was generated by hypermail 2.1.3 : Fri Oct 28 2005 - 09:31:28 PDT