On Mon, 2003-09-22 at 19:44, Paul de Vrieze wrote:

> If there were some way that we can have overlay filesystems supported by the
> kernel (readonly mount root, and over that mount a freshly created dir that
> will be used for all writes instead of the original. For reads though the
> original filesystem is visible (as long as there is no file with the same
> name in the writable part)) then it would be quite easy with chroot to
> "track" changes. I'm not a kernel coder, and I have no idea whether such code
> already exists. It should not be too complex either. And also provide some
> of the "extra security" that was asked by an earlier thread this month. It
> should also be more foolproof than the sandbox, but relies on the kernel.
>

I have thought about using a kernel module multiple times (there are
actually one or two of those apps that track installs that use such
a module ... or tried to develop one back then). Problem is though
that you will either limit the user to what kernel he uses, or might
run into issues with having to update it all the time to not break on
new kernels or way different trees like -aa, etc. Do not know how
much these hold anymore though.

The bigger issue is that late 2.5 and now 2.6 kernels do not allow
you to replace system calls (something needed for a module like this).
This will then either force us to not use this for 2.6, or hack the
kernel, which will really limit the user. On another note - I do not
know if the new API and hooks added for the security modules might
enable us to have the same end result as hooking system calls with
our own would have done ...

Regards,

--

Martin Schlemmer
Gentoo Linux Developer, Desktop/System Team Developer
Cape Town, South Africa