How to hook the system call?
Alexandru Juncu
alex.juncu at rosedu.org
Wed Nov 23 11:59:50 EST 2011
On Wed, Nov 23, 2011 at 6:50 PM, Geraint Yang <geraint0923 at gmail.com> wrote:
> Hi,
> Thank all of you for helping me with problem!
> I don't want to modify my kernel source so I am trying to learn to use LSM
> security hook even though it seems that it couldn't hook all the system
> calls, I think it should be enough for me.
> Thanks again!
I know that AppArmor can hock syscalls like read, write and memory
mapping and can deny or accept them. I am not sure if you can make it
do something else when hocked, but I know it has a script-like
configuration, so maybe you can take some other actions.
More information about the Kernelnewbies
mailing list