[PLUG] Kernel level file calling
Abhijit Bhopatkar
bain at devslashzero.com
Sat Nov 20 15:22:52 IST 2010
> Doubt:
> I have a file foo.bar on my disk, which is handled by an application foo.
> Say double click on it or access it from command line as foo foo.bar.
>
> Now can I write a kernel module or any other application as a daemon, which
> intercepts this call and reads the contents of my file and then passes back
> the control to foo.
>
> Foo is independent software, like say vi, for argument's sake.
>
What you are looking for is SELinux.

One of the fundamental features is to provide hooks to all system level
objects, syscalls, processes, files. One can define many rules using
SELinux. The best part is the actual hook processing can be and usually
will be in userspace (and no, it won't need voluntary overloading of libc
functions with LD_PRELOAD, it will be kernel enforced).

This enables a lot of scenarios, like letting only a few users change an
Asterisk config file and only if they are logged in locally, or mandatorily
running antivirus on all executables with superuser permissions, etc.

It's a vast, complex framework and I have little practical
knowledge/experience on this except for knowing how to disable these
policies on a default CentOS install :).

But even without SELinux, it should be trivial to implement the above by
intercepting the syscall for file open from a kernel module.

Abhijit