For security reasons, the kernel ceased to export characters necessary for writing security modules in the form of loadable kernel modules (Linux Kernel Module, LKM) starting with version 2.6.24.
And you can’t export sys_call_table, again for security reasons.
But then, how can I filter filesystem requests?
I’ll state it simply: I want to hook the “open” function!
I don’t want to have to compile my own version of the kernel, what’s the point of drivers? It should work for all kernels.
Please help, thought I would have more freedom than Windows with Linux, but now I see the most precious parts of my life are blocked in Linux.
Advertisement
Answer
I’ve written a kernel module that can do this called tpe-lkm. I’ve also mentioned it on some other questions similar to this here on StackOverflow:
- access to the sys_call_table in kernel 2.6+
- Reading kernel memory using a module
- intercepting file system system calls
Hope one of these helps you out.