Hello
Le Sat, 31 Jan 2009 12:57:04 +0100,
Bastian Blank <bastian@xxxxxxxxxxxx> a écrit :
> On Thu, Jan 29, 2009 at 04:09:37PM +0100, Frederic Beck wrote:
> > > Use the audit infrastructure within the Linux kernel.
> > I took a quick look, audit should be running on the VM it self,
>
> It is part of the Linux kernel.
Ok, so the one i was looking at does not seem to be the right one. I'll
take a look in the kernel code then.
> > as i will have different OS running in my VMs (Linux, windows...)
> > I'm not sure that it will permit to do what i want.
>
> And AFAIK you won't be able to catch "syscalls" on HVM domains anyway.
Well, i thought it was possible, because when i'm running an HVM
domain, if i print the values of the registers in do_guest_trap from
xen-3.3.0/xen/arch/x86/traps.c it looks like syscalls.
Maybe i misunderstood something here.
The other solution i was thinking of is adding a module in the kernel
which would integrate a new syscall whose role would be to get the info
from the stack address and send it back to the hypervisor via an
integer in a first time, then maybe later on via a more complex struct
if i need more info.
In that case, would the hypervisor be able to use that syscall of
should i modify something more in the hypervisor ? (like creating an
hypercall maybe ?) This is the parts of the Xen architecture i did not
get integrally yet.
Anyway, i'll take a look at the kernel audit first.
Thanks for the help
Regards
Fred
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
|
Home