On Wed, Sep 23, 2009 at 09:39:33AM +0100, Tvrtko Ursulin wrote: > Lived with it because there was no other option. We used LSM while it was > available for modules but then it was taken away. > > And not all vendors even use syscall interception, not even across platforms, > of which you sound so sure about. You can't even scan something which is not > in your namespace if you are at the syscall level. And you can't catch things > like kernel nfsd. No, syscall interception is not really appropriate at all. The "Anti-Malware" industry is just snake oil anyway. I think the proper approach to support it is just to add various no-op exports claim to do something and all the people requiring anti-virus on Linux will be just as happy with it. -- To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
