Date:      Sun, 3 Dec 2006 10:08:39 +0000 (GMT)
From:      Robert Watson <rwatson@FreeBSD.org>
To:        Stanislav Ochotnicky <stanislav.ochotnicky@kmit.sk>
Cc:        freebsd-hackers@freebsd.org
Subject:   Re: tracing AND intercepting syscalls?
Message-ID:  <20061203100714.H40536@fledge.watson.org>
In-Reply-To: <4571AA86.1060303@kmit.sk>
References:  <4571AA86.1060303@kmit.sk>

On Sat, 2 Dec 2006, Stanislav Ochotnicky wrote:

> TrustedBSD's MAC framework: I've read the manual, looked at the source, etc. And I 
> couldn't find a way to stop at every syscall certain process has made. There 
> is mac_syscall() function but as far as I could tell, it only registers new 
> syscall. All in all, it seems that it should have some way to do this, maybe 
> I just couldn't find it.

As discussed elsewhere in the thread, ptrace() has a syscall trapping 
facility, although I've not used it so can't speak to how well it works.

There are patches to add system call entry and exit hooks to the MAC 
Framework, but they've not yet been merged.  I anticipate that they will ship 
in FreeBSD 7.0, and may get MFC'd, depending on schedule, etc.

Robert N M Watson
Computer Laboratory
University of Cambridge


