how can a daemon get notified when a system call is made
The strace utility can attach to any running process and log the syscalls the process calls. By reading its sources you can probably find out how this is done.
Logging any (instead of selected processes) syscall that happens on an entire system may not be possible (or very difficult/intrusive) the strace-way (i.e. without a special kernel module). It seems that is exactly what this software did to be able to track any syscall. I suggest trying to read its sources, or just use it.
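The kernel interface strace uses for this is ptrace(2). The following is an added example, not part of the original post and not strace's own code: a tracer that starts a command and logs every syscall it enters. The names `trace_command` and `syscall_nr` are hypothetical; it assumes Linux, and the syscall number is decoded on x86_64 only.

```c
#include <signal.h>
#include <stdio.h>
#include <unistd.h>
#include <sys/ptrace.h>
#include <sys/user.h>
#include <sys/wait.h>

/* Syscall number at a syscall-entry stop (register layout is per-arch). */
static long syscall_nr(pid_t pid) {
#if defined(__x86_64__)
    struct user_regs_struct regs;
    if (ptrace(PTRACE_GETREGS, pid, NULL, &regs) == -1) return -1;
    return (long)regs.orig_rax;
#else
    (void)pid; return -1; /* number not decoded on other architectures */
#endif
}

/* Added example, not strace's code: log each syscall entry, return count. */
long trace_command(char *const argv[], FILE *log) {
    int status, in_syscall = 0, sig = 0;
    long entries = 0;
    pid_t pid = fork();
    if (pid == -1) return -1;
    if (pid == 0) {
        if (ptrace(PTRACE_TRACEME, 0, NULL, NULL) == -1) _exit(126);
        raise(SIGSTOP); /* stop so the parent can set options first */
        execvp(argv[0], argv);
        _exit(127);
    }
    if (waitpid(pid, &status, 0) == -1 || !WIFSTOPPED(status)) return -1;
    ptrace(PTRACE_SETOPTIONS, pid, NULL, (void *)(long)PTRACE_O_TRACESYSGOOD);
    for (;;) {
        if (ptrace(PTRACE_SYSCALL, pid, NULL, (void *)(long)sig) == -1) break;
        if (waitpid(pid, &status, 0) == -1 || !WIFSTOPPED(status)) break;
        if (WSTOPSIG(status) == (SIGTRAP | 0x80)) { /* TRACESYSGOOD stop */
            in_syscall = !in_syscall; /* stops alternate: entry, exit */
            entries += in_syscall;
            if (in_syscall && log)
                fprintf(log, "pid %d syscall %ld\n", (int)pid, syscall_nr(pid));
        }
        /* Pass real signals on; swallow syscall stops and the exec SIGTRAP. */
        sig = (WSTOPSIG(status) & ~0x80) == SIGTRAP ? 0 : WSTOPSIG(status);
    }
    return entries;
}

int main(int argc, char **argv) {
    return (argc > 1 && trace_command(argv + 1, stderr) > 0) ? 0 : 1;
}
```

Tracing a process that is already running, as the post describes, replaces the fork and `PTRACE_TRACEME` step with `PTRACE_ATTACH` on the target pid, which requires permission to trace that process.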
LSM stands for "Linux Security Modules" framework and is equal to, say, the "Netfilter" framework or "DBUS" in the way that other applications may use it. In the case of the LSM, two well-known "users" are SE-Linux and GRSecurity. Auditd, the audit daemon, allows you to maintain a (plaintext) database of rules with which to track, for instance, system call usage. However, just like the previous Dnotify and current Inotify implementation, it has a usability issue. You cannot set a watch ("-w") on a directory and expect system calls to be monitored recursively; you'll have to set a watch for each file. You could combine things and set watches for static files in system directories where changes are not expected (OK, that depends...) and use Inotify for directories with volatile contents.
Quote:
Originally Posted by Hko
Logging any (instead of selected processes) syscall that happens on an entire system may not be possible (or very difficult/intrusive) the strace-way (i.e. without a special kernel module). It seems that is exactly what this software did to be able to track any syscall.
SysCallTrack was developed for the 2.4 kernel and never ported to 2.6. Unfortunate because it was very easy to work with. Current 2.6 kernels do have Kprobes built in, meaning you can use SystemTap or else try LTTng, LTTV, LKST. Other options to intercept syscalls could use something LD_PRELOADed or a kernel module, but since the OP doesn't provide any details it'll be hard to guesstimate what will be the "way bestest" option...