Query regarding kernel modules intercepting system call.

[Lino Sanfilippo]

Hi,

On 08.07.2017 17:38, Ajinkya Surnis wrote:
> The purpose of assignment is to check the authenticity of the user
> executing the system call, and prevent certain users from executing, kind
> of like certain security programs (although I don't exactly know how they
> work).
> 

I suggest to take a look at "fanotify", which offers you the possibility
to intercept open() calls at VFS level and also provides you with the
user/group id of the file accessing process.


Regards,
Lino