Skip to content

agreal2005/Syscall-Blocking-in-Namespaces

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

9 Commits
KProbe_syscall_block_v1.0
KProbe_syscall_block_v1.0
 
 
KProbe_syscall_block_v2.0
KProbe_syscall_block_v2.0
 
 
LSMs
LSMs
 
 
eBPF_block_mkdir
eBPF_block_mkdir
 
 
README.md
README.md
 
 

Repository files navigation

We have tried to intercept syscalls and apply namespace checking using the following methods:-

  1. Hooks (Implementing hooks as loadable module)
    • KProbe_syscall_block_v1.0 --> uses kernel panic to block syscalls, when they happens from a namespace in which they are supposed to be blocked
    • KProbe_syscall_block_v2.0 --> nulls out the registers values for the syscall, when they happens from a namespace in which they are supposed to be blocked, thus leading to killing of process if atleast one argument to the syscall contains a pointer.
  2. LSM (Linux Security Module)
  3. eBPF (Extended Berkeley Packet Filter) :- see eBPF_block_mkdir

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 3

  •  
  •  
  •  

Languages