On 12/29/11, Rajat Sharma <fs.rajat@xxxxxxxxx> wrote: > Well kprobe is: > > 1. meant to instrument debugging while developing > 2. Is configured with kernel configuration parameters which you can > not guarantee to be configured on deployment site. > 3. slower as it works with debugger break point instruction and single > stepping mode. > 4. probing into an instruction and altering behavior might not scale > across kernel version and interface changes. > > But yes, you can technically capture any kernel instruction's virtual > address and probe into it. Building solution on top of such > instrumentation -- HACK!! :) Ok Thanks. I see it will be real slow then as its only a debugging mechanism, I also found a hack which uses a kprobe based approach and adds a jump code to beginning of system calls. Yes I agree with you , I don't want hack which needs to be changed with kernel versions or depends on configuration of kernel. I will give a try to wrapfs today. :) Is it too a hack ? > > Did you try looking for LSM as well? LSM projects like SELinux ? Actually they need kernel rebuild/ reinstall thus I would try not to go for such options. > > -Rajat > -- Thanks and Regards , Gaurav -- To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
