[PLUG] Kernel level file calling
bain at devslashzero.com
Sat Nov 20 01:52:52 PST 2010
> I have a file foo.bar on my disk, which is handled by an application foo.
> Say double click on it or access it from command line as foo foo.bar.
> Now can I write a kernel module or any other application as a daemon, which
> intercepts this call and reads the contents of my file and then passes back
> the control to foo.
> Foo is an independent software, like say vi, for argument sake.
What you are looking for is SELinux.
One of the fundamental features is to provide hooks to all system level
objects, syscalls, processes, files. One can define many rules using
SELinux. The best part is the actual hook processing can be and usually
will be in userspace (and no it won't need voluntary overloading of libc
function with LD_PRELOAD, it will be kernel enforced.)
This enables lot of scenarios like let only few users change a asterisk
config file and only if they are logged in locally, or mandatorily run
antivirus on all executables with superuser permissions etc.
Its a vast complex framework and I have little practical
knowledge/experience on this except for knowing howto disable these
policies on a default centos install :).
But even without SELinux, it should be trivial to implement the above by
intercepting syscall for file open from a kernel module.
More information about the plug-mail