systrace_redirect, systrace_fork, systrace_exit - enforce policies for system calls
#include <dev/systrace.h>
int
systrace_redirect(int code, struct proc *p, void *args, register_t *retval);
void
systrace_fork(struct proc *oldproc, struct proc *p);
void
systrace_exit(struct proc *p);
These functions are used to enforce policy on the system calls as described in systrace(1).
systrace_redirect() should be used to perform the system call with number code and arguments args for the process p. The result is then stored through the retval pointer. A typical code sequence would be:
    #include "systrace.h"

    ...

    #if NSYSTRACE > 0
            if (ISSET(p->p_flag, P_SYSTRACE))
                    error = systrace_redirect(code, p, args, rval);
            else
    #endif
                    error = (*callp->sy_call)(p, args, rval);
systrace_fork() is called from the fork1(9) function to inherit policy
for the child process.
systrace_exit() is called during the death cycle of the process to detach
the policy from the exiting process.
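The three hooks described above fit together as in the following user-space model. It is an added example, not code from sys/dev/systrace.c: every m_* name, the per-call deny table, and the reference-counted sharing of a policy between parent and child are assumptions made for illustration. It shows why the fork hook matters: without it, a child would run with no flag set and take the unchecked branch of the dispatch.

```c
#include <errno.h>
#include <stddef.h>

#define M_SYSTRACE 0x1            /* stand-in for P_SYSTRACE (hypothetical value) */
#define M_NSYS     4              /* size of the toy syscall table */

typedef int (*m_call_t)(void *args, long *rval);

struct m_policy { int refs; unsigned char deny[M_NSYS]; };   /* hypothetical */
struct m_proc   { int flag; struct m_policy *pol; };         /* hypothetical */

static int m_getpid(void *args, long *rval) { (void)args; *rval = 42; return 0; }
static int m_open(void *args, long *rval)   { (void)args; *rval = 3;  return 0; }
static m_call_t m_sysent[M_NSYS] = { NULL, m_getpid, m_open, NULL };

/* Policy path: consult the attached policy before running the call. */
static int m_redirect(int code, struct m_proc *p, void *args, long *rval)
{
    if (code < 0 || code >= M_NSYS || m_sysent[code] == NULL)
        return ENOSYS;
    if (p->pol != NULL && p->pol->deny[code])
        return EPERM;             /* denied: the handler never runs */
    return m_sysent[code](args, rval);
}

/* Dispatch with the same shape as the code sequence in this page. */
int m_syscall(int code, struct m_proc *p, void *args, long *rval)
{
    if (p->flag & M_SYSTRACE)
        return m_redirect(code, p, args, rval);
    if (code < 0 || code >= M_NSYS || m_sysent[code] == NULL)
        return ENOSYS;
    return m_sysent[code](args, rval);
}

/* fork hook: the child inherits the parent's flag and policy. */
void m_fork(struct m_proc *oldproc, struct m_proc *p)
{
    p->flag = 0; p->pol = NULL;
    if (!(oldproc->flag & M_SYSTRACE) || oldproc->pol == NULL) return;
    p->flag |= M_SYSTRACE;
    p->pol = oldproc->pol;
    p->pol->refs++;
}

/* exit hook: detach the policy; it is unused once refs reaches 0. */
void m_exit(struct m_proc *p)
{
    if (p->pol != NULL) p->pol->refs--;
    p->pol = NULL;
    p->flag &= ~M_SYSTRACE;
}
```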
A subsystem for enforcing system call policies is implemented in
sys/dev/systrace.c.
systrace(1), systrace(4), syscall(9)
The systrace_redirect manual page first appeared in OpenBSD 3.4.
OpenBSD 3.6 July 21, 2003