On Wed, 23 Sep 2009, hch@xxxxxxxxxxxxx wrote: > On Wed, Sep 23, 2009 at 09:39:33AM +0100, Tvrtko Ursulin wrote: > > Lived with it because there was no other option. We used LSM while it was > > available for modules but then it was taken away. > > > > And not all vendors even use syscall interception, not even across platforms, > > of which you sound so sure about. You can't even scan something which is not > > in your namespace if you are at the syscall level. And you can't catch things > > like kernel nfsd. No, syscall interception is not really appropriate at all. > > The "Anti-Malware" industry is just snake oil anyway. I think the > proper approach to support it is just to add various no-op exports claim > to do something and all the people requiring anti-virus on Linux will be > just as happy with it. The fear is that this becomes a trojan horse (no pun intended) for more and more hooks and "stuff", driven by we-really-need-this-too and we-really-need-that-too. And once something it's in, it's harder to say no, under the pressure of offering a "limited solution". This ws the reason I threw the syscall tracing thing in, so they have a low level generic hook, and they cam knock themselves out in their module (might need a few exports, but that's about it). - Davide -- To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html