file monitoring daemon

Hi,

I've been working on a file monitoring daemon whose job it is to sit around and watch the file system for changes. Pretty simple, right? Here's the catch: I want the daemon to intervene if any process tries to access certain (i.e., pre-specified by the admin) files.

My implementation so far uses a kernel module that overloads the "open" system call and triggers a set of Python scripts. The scripts do some condition checking to see if the file being opened is one of those that was pre-specified. If not, it returns immediately and the "open" call proceeds normally. But if so, the scripts do a bunch of work, and only then allow the kernel to go on with the "open."

This sounds like a pretty reasonable thing, right? Well, unfortunately, it relies on the ability to export the system call table from the kernel, which has been outlawed by Red Hat in v2.4 and by Linus in v2.6. In general, it is thought that overloading system calls is a bad way to do anything. However, it is not clear that there is any other way for me to build my daemon. Does anybody have a better way for me to get this done?

Thanks,

Brian Rossa
Dept. of Cognitive
  & Neural Systems
Boston University

--
Kernelnewbies: Help each other learn about the Linux kernel.
Archive:       http://mail.nl.linux.org/kernelnewbies/
FAQ:           http://kernelnewbies.org/faq/

